
SQL Injection

Reset reportcards.db

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.

The URL the web application below loads is:

https://digisoln.com/sqlinject/viewreport?name=Angelina

The name value 'Angelina' is concatenated directly into the query string in the following line of code:

result = db.cursor().execute("SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = '" + name + "'").fetchall()

Where the resulting query (after injection) becomes:

SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = 'Angelina'

Knowing this, we can try an SQL injection to give us both Angelina's and Bradley's reports:

https://digisoln.com/sqlinject/viewreport?name=Angelina' OR 'Bradley

Where the resulting query (after injection) now becomes:

SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = 'Angelina' OR 'Bradley'

Taking this a step further, we can try an SQL injection to give us more data we aren't supposed to see:

https://digisoln.com/sqlinject/viewreport?name=' OR '1==1

Given this, the resulting query (after injection) becomes:

SELECT name,code,subject,effort,grade,comment FROM grades WHERE name = '' OR '1==1'
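The concatenated query from above next to a parameterized version, as an added example that is not the site's own code. The in-memory table, its rows (including the name O'Brien) and the function names are constructed for illustration; SQLite is assumed as the database.

```python
import sqlite3

COLUMNS = "name,code,subject,effort,grade,comment"

def make_db():
    """In-memory stand-in for reportcards.db; every row is constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (name TEXT, code TEXT, subject TEXT, "
               "effort TEXT, grade TEXT, comment TEXT)")
    db.executemany("INSERT INTO grades VALUES (?,?,?,?,?,?)", [
        ("Angelina", "MAT01", "Maths", "B", "A", "constructed row"),
        ("Bradley", "ENG01", "English", "A", "C", "constructed row"),
        ("O'Brien", "SCI01", "Science", "C", "B", "constructed row"),
    ])
    return db

def view_report_vulnerable(db, name):
    # Same pattern as the page: name is concatenated into the SQL text,
    # so a quote character in it changes the structure of the WHERE clause.
    return db.cursor().execute(
        "SELECT " + COLUMNS + " FROM grades WHERE name = '" + name + "'"
    ).fetchall()

def view_report_safe(db, name):
    # Parameterized query: the driver binds name as a value, never as SQL.
    return db.cursor().execute(
        "SELECT " + COLUMNS + " FROM grades WHERE name = ?", (name,)
    ).fetchall()

def names(rows):
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    # "' OR '1==1" is the value from the page; "O'Brien" is a legitimate name.
    for value in ("Angelina", "' OR '1==1", "O'Brien"):
        try:
            concatenated = names(view_report_vulnerable(db, value))
        except sqlite3.OperationalError as exc:
            concatenated = "query failed: %s" % exc
        print(repr(value))
        print("  concatenated :", concatenated)
        print("  parameterized:", names(view_report_safe(db, value)))
```

With binding, the page's `' OR '1==1` value matches no student, and a real name containing an apostrophe is looked up correctly instead of breaking the query.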

You can try this yourself using the following interface.

The assigned grades are entirely random. If you need to reset the database, use the reset reportcards.db utility.

Report Card Web Application user1

You have: 2 student reports waiting

Instructions for use
  1. Start typing student name below
  2. Click on name that pops up underneath
  3. Click View