Overview

SQL Injection

Injection flaws are the number one application security risk in the OWASP Top 10 - 2017. They include SQL, NoSQL, OS, and LDAP injection and occur when untrusted data is sent to an interpreter as part of a query or command. The untrusted data could be malicious and can trick the interpreter into executing unintended commands or providing access to data without proper authorization.

SQL injection is the most prevalent type of attack against injection flaws in vulnerable systems. It consists of inserting characters into existing SQL commands with the intent of altering the intended behavior of the command. An example would be a website login page. If there is no input validation in place, an attacker could enter input in the UserID field that produces the following SQL statement, which returns all names and passwords from the database.

SELECT UserID, Name, Password FROM Users WHERE UserId = 200 or 1=1;

Because 1=1 is always true, the WHERE clause matches every row and the database returns the contents of this table to the attacker. You can protect against this by using input validation, which ensures only approved characters are accepted, and by using whitelists and blacklists of characters.
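The query above, run against a constructed in-memory Users table, beside two hardened lookups. This is an added example, not code from the lab: the sample rows and function names are assumptions, and the bound-parameter version goes beyond the input validation the text names.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the query above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserID INTEGER, Name TEXT, Password TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(100, "alice", "pw-a"), (200, "bob", "pw-b"), (300, "carol", "pw-c")],
    )
    return db

def lookup_vulnerable(db, user_id):
    # Untrusted input is concatenated into the SQL text, so "200 or 1=1"
    # becomes part of the WHERE clause and every row matches.
    sql = "SELECT UserID, Name, Password FROM Users WHERE UserID = " + user_id
    return db.execute(sql).fetchall()

def lookup_validated(db, user_id):
    # Input validation: an allowlist that accepts only 1 to 10 ASCII digits.
    if not re.fullmatch(r"[0-9]{1,10}", user_id):
        raise ValueError("UserID must be numeric")
    sql = "SELECT UserID, Name, Password FROM Users WHERE UserID = " + user_id
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # Bound parameter: the driver passes the value as data, so it is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT UserID, Name, Password FROM Users WHERE UserID = ?"
    return db.execute(sql, (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    payload = "200 or 1=1"  # the input from the example above
    print("vulnerable:   ", lookup_vulnerable(db, payload))
    print("parameterized:", lookup_parameterized(db, payload))
    try:
        lookup_validated(db, payload)
    except ValueError as err:
        print("validated:     rejected:", err)
```
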

RangeForce's Secure Coding Lab SQL Injection - OWASP Top 10 is a premium lab that aims to prepare you to recover from SQL injection attacks. The lab environment lets you choose your geographical location (from a predetermined list) to start your “mission.” The lab scenario is that your organization’s data has been compromised by attackers and you have a limited amount of time to resolve the incident before your ISP takes down your Web server.
Your goal is to gain access to the webshop the criminal hackers have installed on your server, recover your data, and then take down their webshop. You will accomplish this by executing a SQL injection attack against a login form, escalating privileges, recovering your data by obtaining the decryption key, gaining access through SSH, and finally replacing the criminal hackers’ webshop with your own page.