Explanation & Answer
I will send it in a few hours.
Here is chapter 5:
Lab 5.1|i: Questions
Step 2: Connect to the Mutillidae web site and execute the first attack:
2b. What is the current version?
20a. What version of PHP is being used?
20b. What version of SQL is being used?
20c. How many available databases are there?
There are 7 available databases.
22a. What information is displayed?
Information about the database and credit card numbers is displayed.
22b. Should you be able to see this information? Why or why not?
Yes, we are able to grab sensitive data by passing queries to the SQL database.
Step 3: Execute the second attack.
3a. Are you logged in?
3b. Who are you logged in as?
Lab 5.1 Analysis Questions
1. What is a SQL injection attack, and what are the potential results (impact on
confidentiality, integrity, and availability)?
a. A SQL injection attack consists of insertion or "injection" of a SQL query via the
input data from the client to the application. A successful SQL injection exploit
can read sensitive data from the database, modify database data
(Insert/Update/Delete), execute administration operations on the database (such as
shutdown the DBMS), recover the content of a given file present on the DBMS
file system and in some cases issue commands to the operating system. SQL
injection attacks are a type of injection attack, in which SQL commands are
injected into data-plane input in order to effect the execution of predefined SQL
b. Confidentiality will be compromised if a successful attack occurs because
sensitive data can be read from the database without permission. The integrity is
compromised because a hacker could delete, update or insert data into a database.
If an attacker is successful th...
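
The definition in answer 1a, shown as an added example that is not part of the lab manual or the original answer: a login check that concatenates input into the SQL text beside the same check using bound parameters. The `accounts` table, its rows and the function names are constructed for illustration, and SQLite stands in for the lab's database.

```python
import sqlite3


def make_db():
    # Constructed sample data, for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("alice", "constructed-alice-pw")],
    )
    return db


def login_concatenated(db, username, password):
    # Vulnerable: the input is pasted into the SQL text, so a quote character
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = (
        "SELECT username FROM accounts WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    # Hardened: the statement text is fixed; the driver binds the input as
    # values, so it can never change the structure of the query.
    sql = "SELECT username FROM accounts WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Constructed input containing a quote followed by an always-true condition.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Both functions accept the legitimate credentials.
    print(login_concatenated(db, "alice", "constructed-alice-pw"))
    print(login_parameterized(db, "alice", "constructed-alice-pw"))
    # Only the concatenated version returns an account for the crafted input.
    print(login_concatenated(db, "nobody", CRAFTED))
    print(login_parameterized(db, "nobody", CRAFTED))
```

The concatenated query returns a row without a valid password because the WHERE clause itself was rewritten by the input; the parameterized query compares the whole crafted string against the stored password and finds no match.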