Hello and welcome to the Cybrary Secure Coding course. My name is Miss anywhere, and this is OWASP Top 10 for 2013, A1 Injection, lab and solution.
This is the video solution for String SQL Injection, so that's in your Injection Flaws section,
String SQL Injection. It says: the form below allows the user to view their credit card number.
Try to inject a SQL string that results in all the credit card numbers being displayed.
Now, because we know that Smith
is a valid value, we can use that to our advantage and basically enter
something that is valid,
terminate that SQL, and try to perform our 1=1 attack.
Now, since we're dealing with people's names, we're not going to work with numbers. So instead we just switch it around to be letters,
so we'll just try something like B.
And there we have it. So now we're able to actually view
all of the contents of
this table, which is user_data.
Now that you have successfully performed a SQL injection, try the same type of attack on a parameterized query.
I don't really know why they put this in here. I guess it's kind of a trick question. But
a parameterized query that's done properly using bind variables, or, if you want to think of it as a stored procedure with bind variables,
means that SQL injection will be prevented, so it actually neutralizes
the parameter that is sent in. So even if we were to perform
a SQL injection
into a parameterized query, the database would not execute the statement as it does for us here.
So that basically ends this lesson.
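The two behaviours the lesson contrasts, as an added example that is not part of the video or of WebGoat's own code: a lookup that concatenates the last name into the SQL text (what the String SQL Injection form does) next to the same lookup written with a bind variable. The table layout and the rows are constructed to resemble WebGoat's user_data table and are an assumption; the payload `Smith' or '1'='1` is the classic form of the 1=1 attack described above, switched to a quoted string because the column holds names.

```python
import sqlite3

# Constructed sample rows standing in for WebGoat's user_data table (assumption,
# not the lab's real data): userid, first_name, last_name, cc_number, cc_type.
SAMPLE_ROWS = [
    (101, "Joe", "Snow", "987654321", "VISA"),
    (102, "John", "Smith", "2234200065411", "MC"),
    (103, "Jane", "Plane", "123456789", "AMEX"),
]


def make_db():
    """Build an in-memory SQLite database with the constructed user_data rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data ("
        "userid INTEGER, first_name TEXT, last_name TEXT, "
        "cc_number TEXT, cc_type TEXT)"
    )
    conn.executemany("INSERT INTO user_data VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, last_name):
    """String SQL injection: the user's input becomes part of the SQL text.

    With last_name = "Smith' or '1'='1" the statement sent to the database is
        SELECT ... WHERE last_name = 'Smith' or '1'='1'
    and the always-true OR branch returns every row.
    """
    sql = "SELECT * FROM user_data WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, last_name):
    """Parameterized query: the value travels as a bind variable.

    The quote characters in the payload are just bytes of a name being compared,
    never SQL syntax, so the injected string matches no row.
    """
    sql = "SELECT * FROM user_data WHERE last_name = ?"
    return conn.execute(sql, (last_name,)).fetchall()


def compare(last_name):
    """Return (rows from the vulnerable lookup, rows from the parameterized one)."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, last_name), lookup_parameterized(conn, last_name)
    finally:
        conn.close()


if __name__ == "__main__":
    payload = "Smith' or '1'='1"
    vulnerable, safe = compare(payload)
    print(f"vulnerable lookup with {payload!r}: {len(vulnerable)} row(s)")
    for row in vulnerable:
        print("  ", row)
    print(f"parameterized lookup with {payload!r}: {len(safe)} row(s)")
    print("parameterized lookup with 'Smith':", compare("Smith")[1])
```

The parameterized lookup still returns John Smith's single row for the honest input, so the fix costs nothing functionally; only the ability to append `or '1'='1'` to the WHERE clause is gone.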