Homework 4: SQL Injection Attack
Due Date: 11:59 pm 4/27/24
Lab Overview
For this lab, you will use what you learned to implement exploits. You
can find the SEED lab description here
(https://seedsecuritylabs.org/Labs_20.04/Web/Web_SQL_Injection/). If
you’ve never used containers before, you may want to read the container
manual (https://github.com/seed-labs/seedlabs/blob/master/manuals/docker/SEEDManual-Container.md).
If you run this attack on your own computer, you need to install
VirtualBox and import SEED-Ubuntu20.04.vdi into it. After that, the
password for the SEED account is “dees” when you log in to the VM.
Tasks: You will be implementing Task 2.1, 2.2 and 2.3.
If you encounter an error during docker build and up, please delete your
homework 3 vdi file from VirtualBox and import the homework 4 vdi
again.
For “Lab Environment”, after building the container (dcbuild and
dcup), you go to the website http://seed-server.com. However, you may
land on a different webpage (not the one shown in the description). The
reason is that we need to map this hostname to the container’s IP
address. Please add the following entry to the /etc/hosts file:
10.9.0.5 http://seed-server.com
The steps are as follows:
Go to the seed@VM:
Please type: sudo nano /etc/hosts
Go to the end
Please type: 10.9.0.5 http://seed-server.com
Ctrl X to save
For task 2.1, this lab does not accept “--” as a comment. It will
produce a syntax error.
For task 2.2, special characters in the Username or Password fields
must be encoded properly, or they can change the meaning of your
requests. For example, if you want to include a single quote in those
fields, you should use %27 instead; if you want to include white space,
you should use %20. For other special characters like “#”, please use
the following link to check the correct encoding:
https://www.urlencoder.org/
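The encoding rule above can be checked offline. The following is an added example, not part of the original handout: it builds a GET URL with and without percent-encoding and shows which parameters a server would actually decode. The path example.php, the parameter names and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Assumed endpoint path (placeholder); the handout gives only the hostname.
BASE = "http://seed-server.com/example.php"


def build_url(params, encode=True):
    """Join params into a GET URL. With encode=True every reserved
    character in a value is percent-encoded (safe='' leaves none raw)."""
    parts = []
    for name, value in params.items():
        v = quote(value, safe="") if encode else value
        parts.append(f"{name}={v}")
    return BASE + "?" + "&".join(parts)


def server_view(url):
    """Return the parameters a server would decode from this URL.
    Everything after a raw '#' is a fragment and is never sent."""
    query = urlsplit(url).query
    decoded = parse_qs(query, keep_blank_values=True)
    return {name: values[0] for name, values in decoded.items()}


# Constructed sample values containing a quote, a space, '#' and '&'.
SAMPLE = {"username": "O'Brien #1", "Password": "a&b c"}

if __name__ == "__main__":
    for encode in (False, True):
        url = build_url(SAMPLE, encode)
        print(url)
        print("  server sees:", server_view(url))
```

Without encoding, the raw “#” turns the rest of the URL into a fragment, so the Password parameter never reaches the server; with encoding, both values arrive exactly as typed.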
Task 1 is to make you familiar with SQL statements. You should get
familiar with them since you need them for task 2, but you are not
required to put a screenshot of Task 1 in the report. Please write your
lab report according to the description of tasks 2.1, 2.2 and 2.3. Upload
your answers as a PDF to Canvas. Your report should contain two
parts: (1) a screenshot of your code with a description analyzing why
your code looks the way it does; (2) a screenshot of the successful
attack.