SQL and Injection Attacks

This is intended to take place interactively with the instructor observing and helping as needed.

Part 1: Become familiar with basic SQL query elements

Use this online SQL interpreter: https://www.w3schools.com/sql/trysql.asp?filename=trysql_asc

  1. Look at the databases
  2. Try a “Where” clause to select one row
  3. Try a “Where” clause to select multiple rows
  4. Try a “Where” clause that is always true

Part 2: Experiment with SQL injection

Follow the example on this web page: https://www.codingame.com/playgrounds/154/sql-injection-demo/sql-injection

Try logging in with both the actual password and with the bogus injection statement.

I find it’s easiest to have a text editor nearby and open. Construct your SQL injection in the text editor and then paste it into the password field. Try different “true” expressions.
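
The Part 2 exercise as an added example (not part of the original handout or of the linked demo): a login query built by string concatenation next to a parameterized one, run against a constructed in-memory SQLite table. The table, user names, passwords and function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct-horse"), ("bob", "hunter2")])
    return conn

def build_query(name, password):
    """Vulnerable: user input is pasted straight into the SQL text."""
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concatenated(conn, name, password):
    """Vulnerable login: runs the concatenated query and returns matching rows."""
    return conn.execute(build_query(name, password)).fetchall()

def login_parameterized(conn, name, password):
    """Hardened login: input is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()

# Constructed sample inputs: the real password and an always-true expression.
REAL = "correct-horse"
INJECTED = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    for label, pw in (("real password", REAL), ("always-true input", INJECTED)):
        print(label)
        print("  query text:   ", build_query("alice", pw))
        print("  concatenated: ", login_concatenated(conn, "alice", pw))
        print("  parameterized:", login_parameterized(conn, "alice", pw))
```

Printing the query text shows why the concatenated version matches every row: the quote in the input closes the password literal, and the trailing OR makes the whole “Where” clause true. The parameterized version compares the same input as an ordinary string and matches nothing.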
