Question

In: Computer Science

Can you please explain and show how you would complete the following SQL Injection Attacks tasks...

Can you please explain and show how you would complete the following SQL Injection Attacks tasks using the SEED lab seed Ubuntu 16.04 Virtual Machine:

Task 3.1: Modify your own salary.

As shown in the Edit Profile page, employees can only update their nicknames, emails, addresses, phone numbers, and passwords; they are not authorized to change their salaries. Assume that you (Alice) are a disgruntled employee, and your boss Boby did not increase your salary this year. You want to increase your own salary by exploiting the SQL injection vulnerability in the Edit-Profile page. Please demonstrate how you can achieve that. We assume that you do know that salaries are stored in a column called salary.

Task 3.2: Modify other people’ salary.

After increasing your own salary, you decide to punish your boss Boby. You want to reduce his salary to 1 dollar. Please demonstrate how you can achieve that.

Task 3.3: Modify other people’ password.

After changing Boby’s salary, you are still disgruntled, so you want to change Boby’s password to something that you know, and then you can log into his account and do further damage. Please demonstrate how you can achieve that. You need to demonstrate that you can successfully log into Boby’s account using the new password. One thing worth mentioning here is that the database stores the hash value of passwords instead of the plaintext password string. You can again look at the unsafe edit backend.php code to see how password is being stored. It uses SHA1 hash function to generate the hash value of password. To make sure your injection string does not contain any syntax error, you can test your injection string on MySQL console before launching the real attack on our web application.

Please include screenshots along the way, thank you!

Solutions

Expert Solution

if you have any doubt then please ask me without any hesitation in the comment section below , if you like my answer then please thumbs up for the answer , before giving thumbs down please discuss the question it may possible that we may understand the question different way and we can edit and change the answers if you argue, thanks :)

venereology answered 1 hour ago
Next > < Previous

Related Solutions

Write and run SQL statements to complete the following tasks Show the details of the employees...
Write and run SQL statements to complete the following tasks Show the details of the employees who are located in area code 901 and their manager employee number is 108. Show the details of the employees who are also mangers. Show the details of the customers whose balance is greater than 220 but less than 500. Show the details of the customers whose balance is highest. Show customer 10014’s name and the product’s descriptions which he/she purchased and the number...
Write and run SQL statements to complete the following tasks. Show customer 10014’s name and the...
Write and run SQL statements to complete the following tasks. Show customer 10014’s name and the product’s descriptions which he/she purchased and the number of units of each. Add a new attribute (column) engaged varchar(3) to the customer table and update the engaged attribute for the customers who have not generated any invoice to ‘No’. Task 2 should be completed in two steps i.e. two SQL commands. Sql file -- Creating Tables .headers on .mode column .separator , DROP TABLE...
Please explain how you got the answer thank you. • Task 2.1: SQL Injection Attack from...
Please explain how you got the answer thank you. • Task 2.1: SQL Injection Attack from webpage. Your task is to log into the web application as the administrator from the login page, so you can see the information of all the employees. We assume that you do know the administrator’s account name which is admin, but you do not know the ID or the password. You need to decide what to type in the Employee ID and Password fields...
SQL injection attacks continue to be a significant attack vector for threat actors. Use the Internet...
SQL injection attacks continue to be a significant attack vector for threat actors. Use the Internet to research these attacks. What are some recent attacks that have been initiated by SQL injection? How were they conducted? What defenses are there against them? Write a one-page paper on your research.
Please complete the following problems. Show as much work as you can, and complete the problems...
Please complete the following problems. Show as much work as you can, and complete the problems as neatly as possible. The x in [x] after each problem denotes the point value. For each problem, perform the following steps. Assume that all variables are normally or approximately normally distributed. State the hypothesis and identify the claim. Find the critical value(s). Compute the test value. Make the decision. Summarize the results. The heights (in feet) for a random sample of world famous...
Can you please show how you would solve the following using excel? Step by Step? Kaelea,...
Can you please show how you would solve the following using excel? Step by Step? Kaelea, Inc., has no debt outstanding and a total market value of $117,000. Earnings before interest and taxes, EBIT, are projected to be $8,300 if economic conditions are normal. If there is strong expansion in the economy, then EBIT will be 23 percent higher. If there is a recession, then EBIT will be 32 percent lower. The company is considering a $41,700 debt issue with...
Please complete the following problems. Please explain and show your work for all calculations: You intend...
Please complete the following problems. Please explain and show your work for all calculations: You intend to purchase a 10-year, $1,000 face value bond that pays interest of $60 every six months. If the yield to maturity is 10% with semiannual compounding, how much should you be willing to pay for this bond? A ten year bond with a coupon rate of 12% (payable annually) and a face value of $1,000 is selling for $1,192.50 today. What is the bond’s...
Please show how you get to the answer and explain it! Please thoroughly show how to...
Please show how you get to the answer and explain it! Please thoroughly show how to do this! I'm so confused. Given the following information for Gator Company who uses the LIFO method: ​ ​ ​ ​ Net ​ NRV Minus ​ ​ ​ Realizable Replacement Normal Item Quantity Cost Value Cost Profit 1 1 $17.70 $24.60 $18.00 $17.10 2 1 10.80 8.28 9.30 5.58 3 1 72.00 64.80 67.20 57.60 4 1 4.80 3.12 2.88 2.64 5 1 12.00...
Create one sql script file to complete the following. You cannot run separate SQL statements for...
Create one sql script file to complete the following. You cannot run separate SQL statements for the homework. You will also need to place a semicolon after each SQL statement, a requirement for SQL files containing multiple SQL statements Lesson 3 Write a query to display the current date. Label the column DATE. Display the last name of all employees who have an A and an E in their last name. For each employee, display the employee number, last_name, salary,...
Please answer in less than an hour :) Can you explain and show how we get...
Please answer in less than an hour :) Can you explain and show how we get the Specific Cutting pressure in GPa if vertical force is 0.882 kN, feed rate is .0508 mm/rev, and depth of the cut is 1.8161 mm.  
ADVERTISEMENT
Subjects
ADVERTISEMENT
Latest Questions
ADVERTISEMENT