Date: 2024-04-27 08:40

Homework 4: SQL Injection Attack

Due Date: 11:59 pm 4/27/24

Lab Overview

For this lab, you will use what you learned to implement exploits. You can find the SEED lab description here (https://seedsecuritylabs.org/Labs_20.04/Web/Web_SQL_Injection/). If you’ve never used containers before, you may want to see the container manual (https://github.com/seed-labs/seedlabs/blob/master/manuals/docker/SEEDManual-Container.md).

If you run this attack on your own computer, you need to install VirtualBox and import SEED-Ubuntu20.04.vdi into it. After that, the password for the SEED account is “dees” when you log in to the VM.

Tasks: You will be implementing Task 2.1, 2.2 and 2.3.

If you encounter an error during docker build and up, please delete the vdi file of homework 3 from VirtualBox and import the vdi of homework 4 again.

For “Lab Environment”, after building the container (dcbuild and dcup), you go to the website http://seed-server.com. However, you may land on a different webpage (not the one shown in the description). The reason is that we need to map this hostname to the container’s IP address. Please add the following entry to the /etc/hosts file:

10.9.0.5 seed-server.com

The steps are as follows:

Go to the seed@VM:
Please type: sudo nano /etc/hosts
Go to the end
Please type: 10.9.0.5 seed-server.com
Ctrl X to save

For task 2.1, this lab does not accept “--” as a comment. It will produce a syntax error.

For task 2.2, you need to encode special characters in the Username or Password fields properly, or they can change the meaning of your requests. For example, if you want to include a single quote in those fields, you should use %27 instead; if you want to include white space, you should use %20. For other special characters like “#”, please use the following link to check the correct encoding:

https://www.urlencoder.org/
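Why unencoded characters change the meaning of a request, as an added example that is not part of the original handout: it builds the same URL with and without percent-encoding and shows which fields a URL parser extracts. The path /example.php and the parameter names username and password are assumptions, and the field values are constructed, harmless strings.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Hostname is from the handout; the path and parameter names are assumptions.
BASE = "http://seed-server.com/example.php"


def encode_field(value):
    """Percent-encode one field value; safe='' also encodes '/'."""
    return quote(value, safe="")


def build_raw(username, password):
    """Place the field values in the URL exactly as typed (no encoding)."""
    return f"{BASE}?username={username}&password={password}"


def build_encoded(username, password):
    """Percent-encode each field value before placing it in the URL."""
    return (f"{BASE}?username={encode_field(username)}"
            f"&password={encode_field(password)}")


def server_view(url):
    """Return (fields, fragment) as a URL parser splits them.

    The fragment (everything after a raw '#') stays in the client and is
    never sent; a raw '&' starts a new parameter.
    """
    parts = urlsplit(url)
    fields = parse_qs(parts.query, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}, parts.fragment


if __name__ == "__main__":
    # Constructed sample values containing the characters the handout names.
    samples = [("O'Brien #4", "secret"), ("alice", "a&b")]
    for user, pw in samples:
        for label, build in (("raw", build_raw), ("encoded", build_encoded)):
            url = build(user, pw)
            print(f"{label:8}{url}\n        -> {server_view(url)}")
```

With the raw form, everything after “#” becomes the fragment and the password parameter never reaches the server; with the encoded form, both fields arrive intact.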

Task 1 is to make you familiar with the SQL statement. You can get familiar with it since you need to use it for task 2, but you are not required to put the screenshot of Task 1 in the report. Please write your lab report according to the description of task 2.1, 2.2 and 2.3. Upload your answers as a PDF to Canvas. Your report should include two parts: (1) a screenshot of your code with a description of the code that analyzes why it looks the way it does; (2) a screenshot of your successful attack.

*The significant content is borrowed from Prof. Wenliang Du.

