Homework 4: SQL Injection Attack
Due Date: 11:59 pm 4/27/24
Lab Overview
For this lab, you will use what you learned to implement exploits. You
can find the SEED lab description here
(https://seedsecuritylabs.org/Labs_20.04/Web/Web_SQL_Injection/). If
you’ve never used containers before, you may want to see the container
manual (https://github.com/seed-labs/seedlabs/blob/master/manuals/docker/SEEDManual-Container.md).
If you run this attack on your own computer, you need to install a Virtual
Box and import the SEED-Ubuntu20.04.vdi into the Virtual Box. After
that, the password for SEED account is “dees” when you log in the VM.
Tasks: You will be implementing Task 2.1, 2.2 and 2.3.
If you face some error for docker build and up, please delete your vdi
file of homework 3 from Virtual box. And import the vdi of homework 4
again.
For “Lab Environment”
, after building the container (dcbuild and
dcup), you go to the website http://seed-server.com. However, you may
go to the different webpage (not the one shown in the description). The
reason is that we need to map this hostname to the container’s IP
address. Please add the following entry to the /etc/hosts file:
10.9.0.5 http://seed-server.com
The step is as follows:
Go to the seed@VM:
Please type: sudo nano /etc/hosts
Go to the end
Please type: 10.9.0.5 http://seed-server.com
Ctrl X to save
For task 2.1, this lab does not accept the “--” as comment. It will provide
syntax error.
For task 2.2, for the special characters in the Username or Password
fields, you need to encode them properly, or they can change the
meaning of your requests. For example, if you want to include single
quote in those fields, you should use %27 instead; if you want to include
white space, you should use %20. For other special characters like “#”
Please use the following link to check the correct encoding:
https://www.urlencoder.org/
Task 1 is to make you familiar with the SQL statement. You can get
familiar with it since you need to use it for task 2 but you are not
required to put the screenshot of Task 1 in the report. Please write your
lab report according to the description of task 2.1, 2.2 and 2.3. Upload
your answers as a PDF to Canvas. In your report, please contain two
parts: (1) show your screenshot of code and some description of your
code to analyze why your code looks like this; (2) show your screenshot
of successful attack.
请加QQ:99515681 邮箱:99515681@qq.com WX:codinghelp
- 赛诺威盛:大孔径专科化CT领航者
- 网易硬刚腾讯 两大游戏玩家之间的口水仗不断
- 全球“最独特”的一台华为 nova 6 5G 版手机是什么样子的?
- 拼多多抖音淘宝京东,谁是真低价?
- 老杨第一次再度抓握住一瓶水,他由此产生了新的憧憬
- 丰田章男称未来依然需要内燃机 已经启动电动机新项目
- B站更新决策机构名单:共有 29 名掌权管理者,包括陈睿、徐逸、李旎、樊欣等人
- 苹果罕见大降价,华为的压力给到了?
- 三明列东又有房子要拆迁!住这里的人要发了!
- 放大招后,广州又忍不住了…
- 私募积极加仓,百亿股票私募仓位指数创出近八周新高
- 他,传闻中马云最想见的人
- 升级的脉脉,正在以招聘业务铺开商业化版图
- 如何经营一家好企业,需要具备什么要素特点
- 智慧驱动 共创未来| 东芝硬盘创新数据存储技术