Merge branch 'JeffreyWagnerBHN-develop' into develop
nbaars committed Sep 9, 2019
2 parents aec051a + 75a174f commit 7a4f6e6
Showing 1 changed file with 12 additions and 12 deletions.
@@ -1,26 +1,26 @@
== Compromising confidentiality with String SQL injection
If a system is vulnerable to SQL injections it is also easy to compromise aspects of the CIA triad _(if you are unfamiliar with the CIA triad check out the CIA triad lesson in the general category)_.
In the following three lessons, you will learn how to use simple SQL injection attacks to compromise each of the three. Per example by using _SQL string injections_ or _query chaining_.
If a system is vulnerable to SQL injections, aspets of that system's CIA triad can be easily compromoised _(if you are unfamiliar with the CIA triad, check out the CIA triad lesson in the general category)_.
In the following three lessons you will learn how to compromise each aspect of the CIA triad using teachniques like _SQL string injections_ or _query chaining_.

This lesson, we will take a look at *confidentiality*.
Confidentiality can easily be compromised if an attacker uses SQL injection to read sensitive data from the database. For example reading credit card numbers or passwords.
In this lesson we will look at *confidentiality*.
Confidentiality can be easily compromised by an attacker using SQL injection to read sensitive data like credit card numbers from a database.

=== What is String SQL injection?
If queries are build dynamically in the application by concatenating strings to it, this makes it very susceptible to String SQL injection. +
If the input takes a string and that one gets inserted into the query as a string parameter, then you can easily manipulate the build query by using quotation marks to form the string to your specific needs.
You could per example end the string parameter with it and input your own SQL after that.
If queries are built dynamically in the application by concatenating strings to it, this makes it very susceptible to String SQL injection. +
If the input takes a string that gets inserted into a query as a string parameter, then you can easily manipulate the build query using quotation marks to form the string to your specific needs.
For example, you could end the string parameter with quotation marks and input your own SQL after that.

=== It is your turn!
You are an employee named John *Smith* working for a big company.
The company has an internal system that allows all employees to see their own internal data, like the department they work in and their salary.
The company has an internal system that allows all employees to see their own internal data - like the department they work in and their salary.

The system requires the employees to use a unique _authentication TAN_ to view their data. +
Your current TAN is *3SL99A*.

Since you always have the urge to be the most earning employee you want to exploit the system and instead of viewing your own internal data _take a look at the data of all your colleagues_ to check their current salaries.
Since you always have the urge to be the most earning employee, you want to exploit the system and instead of viewing your own internal data, _ you want to take a look at the data of all your colleagues_ to check their current salaries.

Use the form below and try to retrieve all the employee data from the *employees* table. You should not need to know any specific names or TANs to get the information you need. +
You already found out that the query performing your request looks like that:
Use the form below and try to retrieve all employee data from the *employees* table. You should not need to know any specific names or TANs to get the information you need. +
You already found out that the query performing your request looks like this:
------------------------------------------------------------
"SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "';
------------------------------------------------------------
------------------------------------------------------------
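Review bot: The rewritten opening lines introduce three misspellings: "aspets" and "compromoised" in the "If a system is vulnerable to SQL injections, ..." line, and "teachniques" in the "In the following three lessons you will learn ..." line. They should read "aspects", "compromised" and "techniques". In the rewritten "It is your turn!" paragraph, "_ you want to take a look at the data of all your colleagues_" has a space after the opening underscore, which breaks the emphasis markup the previous wording had; drop the space. The rewritten "What is String SQL injection?" line still says "manipulate the build query", which should be "built query" to match the "built dynamically" correction made one line earlier. Separately, the unchanged query listing never closes its final string literal (it ends in "';" with no closing double quote), which is worth fixing while this file is being touched.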
