Game_Difficulty
Posts: 2
Joined: Wed Jan 02, 2019 10:25 pm
Occupation: Student

SQL Injection attack

Postby Game_Difficulty » Thu Jan 03, 2019 4:27 pm

Okay, hello!
So I am currently working on the Preventing SQL Injection project. The problem that I have, and it sounds stupid, is that I don't know what the name of the database is for the virtual website (the one by science buddies). I already have some basic knowledge of SQL (thanks to Codecademy and kahnacedemy) on how to do things like create a new table, modify data on a user, etc. but the commands require the name of the database. I don't know if it's not there or if it is and I'm just not paying attention, but I've been stuck on it for a while. Am I suppose to use a command to figure it out? Search it up on the internet? Or is it in plain sight? I'm not sure, but any help would be greatly appreciated.

Thank you :3 :)

- Game_Difficulty

bfinio
Expert
Posts: 357
Joined: Mon Aug 12, 2013 2:41 pm
Occupation: Science Buddies Staff

Re: SQL Injection attack

Postby bfinio » Mon Jan 07, 2019 10:53 am

Hi Game_Difficulty - the name of the table is "users," however you shouldn't actually need that information in order to perform the attack. I don't want to say too much more because I'd be giving it away - check out the other resources in the project's bibliography if you haven't already. Good luck!

Game_Difficulty
Posts: 2
Joined: Wed Jan 02, 2019 10:25 pm
Occupation: Student

Re: SQL Injection attack

Postby Game_Difficulty » Wed Jan 09, 2019 6:28 pm

bfinio,
Hi! Thank you so much for responding and giving me that piece of advice. I actually was able to perform an attack which then allowed me to see all the users in the database, login as different users and see all the users addresses at once. :D However, just like RedStoneMan I cannot seem to figure out how to look up another users password or also, in my case, add a new user, modify data about a user, create a new table, etc. etc. I know what code to write and I know that the codes are right but nothing seems to be working. If you, or anyone else, are able to give me a hint or a nudge towards what direction I should head, I would once again greatly appreciate it. My deepest apologies for the bother.

Thank you
- Game_Difficulty :3

LeungWilley
Expert
Posts: 305
Joined: Mon Jan 12, 2009 11:15 pm
Occupation: Electrical Engineer

Re: SQL Injection attack

Postby LeungWilley » Thu Jan 10, 2019 8:18 pm

Hi Game_Difficulty,
I just came across / responded to RedStoneMan's post and I think i would like to request the same info from you please.
When you say nothing seems to be working, are you "logged in" as the user who have the permission to insert records / create tables, etc...?

Please let us know. Good Luck with your experiment!
Willey


Return to “Grades 9-12: Math and Computer Science”