MySQL and PHP Integration Lab - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

SQL Commands: https://github.com/Hsanokklis/2023-2024-Tech-journal/wiki/SQL-Database-Commands

Lab Preparation

  • Start your rocky VM
  • Make sure that httpd and mariadb service are running
  • Connect to your mysql configuration
    • mysql -u root -p
  • Check to see that the pets database is present
  • First, we need to create a new MySQL user that Apache/PHP will use to access the DB
    • CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
    • Then, replace user and password with your values:
      • GRANT ALL PRIVILEGES ON pets.* TO 'user'@'localhost' IDENTIFIED BY 'password';

image

  • Exit MySQL and then log back in as your new user (mysql -u user -p) to verify the account works and can access the pets database

image

Challenge 1: pets birthday lookup form and script

For this challenge, you will create an html form to look up a cat's birthday from the glitter database. To do this, you can create two files in your /var/www/html directory:

  • birthday.html
    • this file has the form that users can browse to and enter a cat's name

image

  • birthday.php
    • the php script that the birthday.html form calls and performs a query in the mysql database

image

Working in the browser

image

Challenge 2: Form and script so owner can access their cat's record

  • It is easiest to modify the birthday page/script for this challenge so make copies of birthday.html and birthday.php as owner.html and owner.php
  • Modify owner.html so that the form asks for the owner's last name and then calls owner.php
    • in addition to the text changes, update name="name" to name="owner" for the input box.
  • Modify owner.php so it looks up and displays the cat record for that owner.
    • The POST parameter is now called owner
    • Update the echo line to have the different fields from the database display for the cat's record
    • </br> adds a line break if you want them on different lines

owner.html

image

owner.php

image

browser results

image

Challenge 3: SQL Injection

The forms and scripts we have created are vulnerable to SQL injection. The challenge is to see if you can display all cats' birthdays (birthday form) and/or records (owner form) using SQL injection.

Hints:

  • The key is closely reviewing the "$query = syntax" section. Spend some time writing out what the query would look like as it is passed to the database.
  • You will want to add an OR statement to the WHERE clause that is always true.
  • Pay attention to the single quotes!

SQL Injection with birthday.html

image

  • OR '1'='1

image

SQL Injection with owner.html

image

  • OR '1'='1

image
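As an added example (not part of this lab or its PHP scripts), the birthday lookup is rewritten below in Python against an in-memory SQLite table standing in for the pets database. The vulnerable function reproduces the lab's `$query = "..."` string concatenation so you can print the exact query the hints ask you to write out, while the safe function uses a parameterized query, which is the fix (in PHP the equivalent is a mysqli or PDO prepared statement). The table and column names (`cats`, `name`, `birthdate`, `owner`) and the sample rows are assumptions.

```python
import sqlite3

# Constructed sample rows standing in for the lab's pets database (names are made up).
CATS = [
    ("Fluffy", "2019-05-01", "Smith"),
    ("Tom", "2020-11-23", "Jones"),
    ("Mittens", "2018-02-14", "Smith"),
]


def make_db():
    """Build an in-memory stand-in for the pets database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cats (name TEXT, birthdate TEXT, owner TEXT)")
    conn.executemany("INSERT INTO cats VALUES (?, ?, ?)", CATS)
    return conn


def build_vulnerable_query(name):
    """Mirror of the lab's $query line: the POST value is pasted straight into the SQL.

    With name = "' OR '1'='1" the first quote closes the open string literal and
    the WHERE clause becomes  name = '' OR '1'='1' , which is true for every row.
    """
    return "SELECT name, birthdate FROM cats WHERE name = '" + name + "'"


def lookup_vulnerable(conn, name):
    """Run the concatenated query exactly as the lab's birthday.php would."""
    return conn.execute(build_vulnerable_query(name)).fetchall()


def lookup_safe(conn, name):
    """Parameterized query: the value travels separately from the SQL text,
    so any quotes in it are treated as data, never as syntax."""
    return conn.execute(
        "SELECT name, birthdate FROM cats WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("query sent to the database:", build_vulnerable_query(payload))
    print("vulnerable lookup returns:", lookup_vulnerable(conn, payload))
    print("parameterized lookup returns:", lookup_safe(conn, payload))
```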
