SQL injection is a code injection technique that exploits the
vulnerabilities in the interface between web applications and
database servers. The vulnerability is present when users'
inputs are not correctly checked within the web applications
before being sent to the back-end database servers. Many web
applications take inputs from users, and then use these inputs
to construct SQL queries, so the web applications can get
information from the database. Web applications also use SQL
queries to store information in the database. These are common
practices in the development of web applications. When SQL
queries are not carefully constructed, SQL injection
vulnerabilities can occur. The SQL injection attack is one of
the most common attacks on web applications.

In this lab, we have created a web application that is
vulnerable to the SQL injection attack. Our web application
includes the common mistakes made by many web developers.
Students' goal is to find ways to exploit the SQL injection
vulnerabilities, demonstrate the damage that can be achieved by
the attack, and master the techniques that can help defend
against this type of attack.
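
The root cause described above (user input used to construct the SQL query text) and the standard defense, shown as an added example that is not part of the lab material. It assumes Python's built-in sqlite3 module; the employee table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, dept TEXT)")
    db.executemany("INSERT INTO employee VALUES (?, ?)",
                   [("Alice", "Sales"), ("O'Brien", "IT")])
    return db

def lookup_concat(db, name):
    """Before: the input is pasted into the SQL text, so the database
    parses it as part of the statement."""
    sql = "SELECT dept FROM employee WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    """After: the statement text is fixed and the input is bound as a value."""
    return db.execute("SELECT dept FROM employee WHERE name = ?",
                      (name,)).fetchall()

def concat_is_parsed_as_sql(db, name):
    """True when the concatenated form fails to parse for this input, meaning
    the input changed the statement's syntax instead of only its data."""
    try:
        lookup_concat(db, name)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    for name in ("Alice", "O'Brien"):
        print(name,
              "| concatenated query broken:", concat_is_parsed_as_sql(db, name),
              "| bound query result:", lookup_bound(db, name))
```

A legitimate surname containing a quote character is enough to change how the concatenated statement is parsed, while the bound form treats the same input purely as data.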
Please find the lab description here.
Please write your lab report according to the description. Please also list the important code snippets, each followed by your explanation. You will not receive credit if you simply attach code without any explanation. Upload your answers as a PDF to Blackboard.
Most content taken from Wenliang Du.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. A human-readable summary of (and not a substitute for) the license is the following: You are free to copy and redistribute the material in any medium or format. You must give appropriate credit. If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original. You may not use the material for commercial purposes.