Software Security Assignment Writing Service | FIT 3173 Software Security Assignment II

This Australia-based writing order is mainly a software security assignment.

FIT 3173 Software Security Assignment II

3 SQL Injection Attack – Using SQLi Lab [50 Marks]
SQL injection is a code injection technique that exploits vulnerabilities in the interface between web
applications and database servers. The vulnerability is present when users' inputs are not correctly checked
within the web applications before being sent to the back-end database servers.
Many web applications take inputs from users, and then use these inputs to construct SQL queries, so
the web applications can pull the information out of the database. Web applications also use SQL queries
to store information in the database. These are common practices in the development of web applications.
When the SQL queries are not carefully constructed, SQL-injection vulnerabilities can occur. SQL-injection
attacks are among the most frequent attacks on web applications.
In this part, we modify a web application called SQLi Lab, which is designed to be vulnerable to
the SQL-injection attack. Although the vulnerabilities are artificially created, they capture the common
mistakes made by many web developers. Your goal in this part is to find ways to exploit the SQL-injection
vulnerabilities, demonstrate the damage that can be achieved by the attacks, and master the techniques that
can mitigate such attacks.

The database of SQLi Lab, named Users, can be inspected and manipulated once we log in to the MySQL
console using the following commands:
mysql -u root -pseedubuntu
show databases;
use Users;
describe credential;
3.1 Task 1: SQL Injection Attack on SELECT Statements [5 Marks]
In this task, you need to manage to log into SQLi Lab at www.seedlabsqlinjection.com, without
providing a password. You can achieve this by using SQL injection. Normally, before users start using SQLi
Lab, they need to log in using their user names and passwords. SQLi Lab displays a login window to users
and asks them to input a username and password. The login window is displayed in the following:
The authentication function is implemented by unsafe_home.php in the SQLi Lab root directory
(i.e., /var/www/SQLInjection/). It uses the user-provided data to find out whether they match
the Username and Password fields of any record in the database. If there is a match, it means the user
has provided a correct username and password combination, and should be allowed to log in. Like most web
applications, PHP programs interact with their back-end databases using the standard SQL language. In
SQLi Lab, the following SQL query is constructed in unsafe_home.php to authenticate users:

// create a connection
$conn = getDB();
// SQL query to authenticate the user; both inputs are interpolated
// directly into the query string (this is the vulnerable pattern)
$sql = "SELECT id, name, eid, salary, birth, ssn,
        phoneNumber, address, email, nickname, Password
        FROM credential
        WHERE name= '$input_uname' and Password='$hashed_pwd'";
// run the query
$result = $conn->query($sql);
// pseudocode: if (found one record) then {allow the user to login}
In the above SQL statement, the variable $input_uname holds the string typed in the Username textbox,
and $hashed_pwd holds the string typed in the Password textbox. User's inputs in these two textboxes
are placed directly in the SQL query string.
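
The following is an added example, not code from the assignment or from SQLi Lab: it places the string-built query pattern shown above next to a prepared statement with bound parameters, the standard mitigation. It assumes PDO with an in-memory SQLite table in place of the lab's MySQL database; the table row, the SHA-256 hashing and the function names login_concat and login_prepared are constructed for illustration.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the lab's
// MySQL `credential` table; the user row and SHA-256 hashing are assumptions.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE credential (id INTEGER PRIMARY KEY, name TEXT, Password TEXT)");
$ins = $conn->prepare("INSERT INTO credential (name, Password) VALUES (?, ?)");
$ins->execute(["O'Brien", hash('sha256', 'constructed-password')]);

// Same pattern as the page's query: inputs are pasted into the SQL text.
function login_concat(PDO $conn, string $input_uname, string $input_pwd): ?array {
    $hashed_pwd = hash('sha256', $input_pwd);
    $sql = "SELECT id, name FROM credential
            WHERE name= '$input_uname' and Password='$hashed_pwd'";
    $row = $conn->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened form: SQL text is fixed; inputs travel separately as bound values.
function login_prepared(PDO $conn, string $input_uname, string $input_pwd): ?array {
    $stmt = $conn->prepare("SELECT id, name FROM credential
                            WHERE name = :uname AND Password = :pwd");
    $stmt->execute([':uname' => $input_uname, ':pwd' => hash('sha256', $input_pwd)]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;   // exactly one record => login
}

// A legitimate name containing a quote is enough to show the difference.
try {
    login_concat($conn, "O'Brien", 'constructed-password');
    echo "concat: query ran\n";
} catch (PDOException $e) {
    // The quote ended the string literal early, so the input became SQL syntax.
    echo "concat: input changed the query structure (", $e->getMessage(), ")\n";
}

$ok  = login_prepared($conn, "O'Brien", 'constructed-password');
$bad = login_prepared($conn, "O'Brien", 'wrong-password');
echo "prepared, correct password: ", $ok  ? "login as {$ok['name']}" : "rejected", "\n";
echo "prepared, wrong password:   ", $bad ? "login as {$bad['name']}" : "rejected", "\n";
```

With the string-built query, a quote character in ordinary input already alters the statement the database parses; with bound parameters the same input is compared as a plain value and only the correct password matches.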