SQL Injection Attack Lab

SQL injection is a code injection technique that exploits the vulnerabilities in the interface between a web applications and a database server.  The SQL Injection Attack Lab document with instructions can be found below (attached document)

Tools used: Virtual Box, Ubuntu OS.

Guidelines on how to complete SQL Injection Lab (also see attachment below):

1. Install updates: sudo apt-get update (press enter and provide password: dees)
2. Install curl: sudo apt-get install curl
3. Turn-off countermeasures
4. Using ifconfig command, you need to include sudo ifconfig because it requires root privileges.

The first document includes step by step guidelines on how to complete each task from the lab and the second document includes the safe_credential.phd file is used for Task 4.

1. sqlinjection.txt (1&2 see attached documents)

2. safe_credential.php (see atached below)

Submission guidelines: Create a separate Word doc that includes a detailed lab report describing what you have done and what you have observed.  Please provide details using screen shots and code snippets.  You also need to provide explanations for the observations that are most interesting or surprising.

Here is an example i found online done by someone else:

https://github.com/aasthayadav/CompSecAttackLabs

you might a lot more online depending on how you do your research. if you have any questions, please send me a message. 

Thank you