Project 11: SQL Injection 2 (10 pts.)
What You Need
- Any computer with a Web browser
Purpose
To practice advanced SQL injection techniques.
Opening the SQL Hands-On Page
In a Web browser, open this page:
https://attack.samsclass.info/sqlol-raw/SQL-tutorial2.htm
1. Reset the Database
In section 1 click the Reset button.
2. SQL Database Structure
Read through section 2 to understand essential SQL concepts.
3. Blocking Apostrophes
Try all the queries shown, and find one that reveals social security numbers, as shown below.
Saving the Screen Image
Make sure social security numbers are visible, and that the title of the table is "Usernames Found (Blocking Apostrophes)", as shown above.
Save a whole-desktop image with a filename of "Proj 11a from YOUR NAME".
4. Blocking SELECT
Construct a query that reveals social security numbers, as shown below.
Saving the Screen Image
Make sure social security numbers are visible, and that the title of the table is "Usernames Found (Blocking SELECT)", as shown above.
Save a whole-desktop image with a filename of "Proj 11b from YOUR NAME".
Turning In Your Project
Email the images to cnit.129s@gmail.com with a subject of "Project 11 from YOUR NAME".
Last modified 10-31-16