17.2.6 Lab Attacking a MySQL Database - PanamaP/KEST3CO05DU GitHub Wiki

What are the two IP addresses involved in this SQL injection attack based on the information displayed?

10.0.2.4 and 10.0.2.15

The attacker has entered a query (1’ or 1=1 union select null, version ()#) into a UserID search box on the target 10.0.2.15 to locate the version identifier. Notice how the version identifier is at the end of the output right before the . closing HTML code. Question: What is the version?

version: 5.7.12-0

What would the modified command of (1' OR 1=1 UNION SELECT null, column_name FROM INFORMATION_SCHEMA.columns WHERE table_name='users') do for the attacker?

miklu styttra output sem synir notendur

Which user has the password hash of 8d3533d75ae2c3966d7e0d4fcc69216b?

notandi: 1337

c. Using a website such as https://crackstation.net/, copy the password hash into the password hash cracker and get cracking. Question: What is the plain-text password?

charley

Reflection Questions

1. What is the risk of having platforms use the SQL langauge?

Ef inputs sem þeir fá eru ekki sanitized þá getur hvaða upplýsingar sem er sem gagnagrunnurin geymir verið lekið.

2. Browse the internet and perform a search on “prevent SQL injection attacks”. What are 2 methods or steps that can be taken to prevent SQL injection attacks?

   1. Validate User Inputs
   2. Use Stored Procedures In The Database