Assignments Sec.4

Handing In Assignments

You must hand in by using git

Hand In by git

  • Create an empty repo on bitbucket.org, gitlab.com, or github.com,
  • git push your local repo to the above remote repo.
  • For node assignments please put the line(s)

    node_modules/

    into your .gitignore file.

Send a mail to with:

  • The words 'handin <subjectname>' in the subject line of your mail
  • The url of your repo(s).

Assignment Sec.4.0

Verify that the database parameters used in login0Auth.php, or whatever your authentication code was called, have root as the user and an empty password.

Now, you saw me login as admin with

admin' or 'x' = 'x'; drop database world; --

Try that, and verify that the world database actually disappeared. (The second statement only gets to run because your code sends the query in a way that allows several statements in one call, for instance mysqli::multi_query; a plain mysqli::query refuses the text after the semicolon with a syntax error, and the injection is then reduced to the login bypass in the first half.)

Assignment Sec.4.1

If you succeeded in dropping the world database in the previous assignment, promise me that you never again, I repeat, never again let your applications manipulate your databases as root.

You may get your world database back by using the bottom of Appendix A.

Log in to your database client, consult the MySQL documentation and, with the appropriate SQL statements, create two new database users named reader and maintainer, each with its own password. Then, with the database that holds your user table selected (the unqualified table name below refers to the current database), do

grant select on user to reader@localhost;
grant update, delete, insert on user to maintainer@localhost;

Now, in your editor, change the database params for the latest assignments: replace root with reader and add reader's password. Run assignment 4.0 again, and expect the drop of the world database to fail with an access-denied error.

Morale:

Always use reader as the user of your PHP programs, and grant it select on only the tables it needs. Switch to maintainer only where a program genuinely has to insert, update or delete (and then expect to grant maintainer select as well, since updating rows usually means reading them first). Note what this buys you and what it does not: with reader, the ' or 'x' = 'x' part of the injection still logs you in; only the drop is stopped. Limiting privileges limits the damage; removing the injection itself is the subject of the next assignment.

Assignment Sec.4.2

In your textbook [Sul11] (you know ;)), Chapter 7, pages 215 to 237, contains a large number of ideas for attacking databases, from logging in without a password to reading the user table, or worse.

I want you to read those pages, and then attempt at least two different injections that we haven't tried before, prove that they can be done and show the results. Once you have the proof, immunize your code, and then prove that the injections can no longer be done.

This may mean that, to prove the vulnerabilities, you have to work with the version of your code from before previous assignments immunized them.
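The mechanism behind the injection from assignment 4.0, and the kind of immunization assignment 4.2 asks for, as an added example. This is not the course's login0Auth.php; it is a separate PHP script using mysqli that assumes a table user with columns name and password in the world database, placeholder credentials, and a login that (like the one shown in class) executes the query with mysqli::multi_query so that a stacked statement can run. One caveat on the payload: MySQL only treats -- as a comment when a space follows it, so the payload here ends in "-- " with a trailing space.

```php
<?php
// Added example, not course code: the 4.0 login query built by string
// concatenation next to its immunized form using a prepared statement.
// Host, account, password and the user(name, password) table are assumptions.

// Report errors as return values, not exceptions, so the injected trailer
// ending the loop below does not abort the script (PHP 8.1+ throws by default).
mysqli_report(MYSQLI_REPORT_OFF);

$db = new mysqli('localhost', 'reader', 'reader-password', 'world');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}

// VULNERABLE: the user's input becomes part of the SQL syntax. With the 4.0
// payload the text sent to the server is
//   select * from user where name = 'admin' or 'x' = 'x'; drop database world; -- ' and password = '...'
// and multi_query lets the server execute every statement in that string.
function loginVulnerable(mysqli $db, string $name, string $pw): bool
{
    $sql = "select * from user where name = '$name' and password = '$pw'";
    if (!$db->multi_query($sql)) {
        return false;                       // first statement failed outright
    }
    $first = null;
    do {
        if ($res = $db->store_result()) {
            if ($first === null) {
                $first = $res->num_rows;    // rows matched by the (injected) select
            }
            $res->free();
        }
    } while ($db->more_results() && $db->next_result()); // drains results of the remaining statements
    return $first > 0;
}

// IMMUNIZED: the SQL text and the parameters travel separately; the quote
// and the semicolon inside $name are data, never syntax, so there is no
// second statement and no bypass of the name/password comparison.
function loginSafe(mysqli $db, string $name, string $pw): bool
{
    $stmt = $db->prepare('select 1 from user where name = ? and password = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('ss', $name, $pw);
    $stmt->execute();
    $stmt->store_result();
    $rows = $stmt->num_rows;
    $stmt->close();
    return $rows > 0;
}

$payload = "admin' or 'x' = 'x'; drop database world; -- ";

// Logs in (the select matches every row) and, when run as root, drops the database.
var_dump(loginVulnerable($db, $payload, 'anything'));

// No user has that literal name, so the login fails and nothing else runs.
var_dump(loginSafe($db, $payload, 'anything'));
```

Run the vulnerable function as root and as reader to see both halves of the lesson: as root the database is gone afterwards, as reader the drop is refused but the login still succeeds. The prepared statement is what closes the bypass itself, and it is the same change that defeats the other injections in the textbook chapter, since none of them can turn parameter data into SQL syntax.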