Project 11: SQL Injection 2 (10 pts.)

What You Need

Purpose

To practice advanced SQL injection techniques.

Opening the SQL Hands-On Page

In a Web browser, open this page:

https://attack.samsclass.info/sqlol-raw/SQL-tutorial2.htm

1. Reset the Database

In section 1, click the Reset button.

2. SQL Database Structure

Read through section 2 to understand essential SQL concepts.

3. Blocking Apostrophes

Try all the queries shown, and find one that reveals social security numbers, as shown below.

Saving the Screen Image

Make sure social security numbers are visible, and that the title of the table is "Usernames Found (Blocking Apostrophes)", as shown above.

Save a whole-desktop image with a filename of "Proj 11a from YOUR NAME".

4. Blocking SELECT

Construct a query that reveals social security numbers, as shown below.

Saving the Screen Image

Make sure social security numbers are visible, and that the title of the table is "Usernames Found (Blocking SELECT)", as shown above.

Save a whole-desktop image with a filename of "Proj 11b from YOUR NAME".

Turning In Your Project

Email the images to cnit.129s@gmail.com with a subject of "Project 11 from YOUR NAME".


Last modified 10-31-16