Programming
SQL Injection Assignment

Question Description

Only take this if you know about SQL Injection. I have people who get me zeros before.

Unformatted Attachment Preview

Georgia Gwinnett College School of Science and Technology ITEC 4320: Internet Security SQL Injection This assignment involves basic exercises on SQL injection. For the assignment you need basic knowledge of SQL and php, for which https://www.w3schools.com/ is a good source of reference. If you have not installed Apache, MySQL or php, please do so by following the instructions posted on D2L. 1. Login to MySQL as testuser that you created in class. Then create a new table named users in the database testbd which you also created in class. $ mysql –u testuser –p mysql> use testdb; mysql> create table users (name varchar(20), login varchar(20), passwd varchar(20)); 2. Insert two rows to the table users as follows. mysql> insert into users (name, login, passwd) values (‘LeBron James’, ‘LeBron’, ‘welcomeLBJ’); mysql> insert into users (name, login, passwd) values (‘Steph Curry’, ‘steph’, ‘welcomeSteph’); 3. Download SQL_Inj.zip which is attached to the assignment. Unzip it and move the two files login.html and login_insecure.php therein to the directory /var/www/html. Open login_insecure.php and change the value of the variable $db_password to the password of your own testuser. 4. While in the directory /var/www/html, copy login_insecure.php to login.php. $ sudo cp login_insecure.php login.php Access login.html from your browser and make sure that you can login as LeBron and Steph. 5. [20 Points] Use SQL injection to login as the first user of the database without that user’s username and password. If your attack is successful, you should login as LeBron James. Give here the values you provide for the Username and Password fields in this attack. 6. [20 Points] Knowing that LeBron James is the first user in the database, use SQL injection to login as the second user of the database without that user’s username and password. If your attack is successful, you should login as Steph Curry. Give here the values you provide for the Username and Password fields in this attack. 7. [20 Points] Use SQL injection to update the password of Steph Curry to a password of your choice. Give here the values you provide for the Username and Password fields in this attack. Also take a screenshot of the users table and paste the screenshot here. 8. [20 Points] Use SQL injection to insert a new user into the table users. Give here the values you provide for the Username and Password fields in this attack. Also take a screenshot of the users table and paste the screenshot here. 9. [80 Points] Modify the code login.php so that a prepared statement is used for the query that searches and authenticates the user. Verify that using the prepared statement prevents each of the above attacks. Save your modified code as login_prep.php. 10. Submit this file and the code login_prep.php into the dropbox. ...
Purchase answer to see full attachment

Final Answer

Hello check the solution .pleas unzip to check login_prep.php.Thank you for your time

Georgia Gwinnett College
School of Science and Technology
ITEC 4320: Internet Security
SQL Injection
This assignment involves basic exercises on SQL injection. For the assignment you need basic
knowledge of SQL and php, for which https://www.w3schools.com/ is a good source of
reference.
If you have not installed Apache, MySQL or php, please do so by following the instructions
posted on D2L.
1. Login to MySQL as testuser that you created in class. Then create a new table named users
in the database testbd which you also created in class.

$ mysql –u testuser –p
mysql> use testdb;
mysql> cr...

ProfDwayne01 (6490)
UIUC

Anonymous
Top quality work from this tutor! I’ll be back!

Anonymous
Just what I needed… fantastic!

Anonymous
Use Studypool every time I am stuck with an assignment I need guidance.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors