Task 1a) Which programming errors are exploited by SQL-Injection attacks? Task 1

Question

Task 1a) Which programming errors are exploited by SQL-Injection attacks?

Task 1b) How can you get all names and passwords in the table by a technique called SQL injection, although you have no idea, how many users are in that table or what their names are? Moreover, you don't know a single password! Show what to enter at both input fields!

Task 1b) Are you able to find out the number of products in the table „products“ (number of products corresponds to the number of rows in table)? If yes: Show what to enter at both input fields!

Hint 1: Assume, no measurements for the defence against SQL injection were taken.

Hint 2: Please note: You cannot change the program!

Hint 3: Please note: You have no direct database account. That is, you cannot enter any complete SQL statement!

Explanation / Answer

SQL Injection means insertion of SQL Query from client application via input field provided to client.

1A) Because of SQL injection some threats can occure like existing data tampering, spoof identity, allowing complete revelation of all data on system, make data destroy or unavailable and get all rights of administrators of the database server by becoming an administrator.

1B) We can get all information from the table without knowing how many users in the table. For that purpose input in the table will be:

Name: "" or ""=""

Password: "" or ""=""

Above input is valid and it will return all rows from the table persons ,since "" or ""="" is always true.

task 1c) Yes, by using batched SQL statement we can also find out all data from product table also by using same user interface.

Input field to write for that purpose are:

Name: Max

Password: maxpass; Select * from products;

Related Questions

Navigate

• Browse (All)
• Browse T
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.