You must hand in by using
Send a mail to
handin <subjectname>' in the subject line of your mail
Verify that the database parameters used in
or whatever your authentication code was called, has
root as the user, and an empty
Now, you saw me login as admin with
admin' or 'x' = 'x'; drop database world; --
Try that, and verify that the world database actually disappeared.
If you succeeded in dropping the world database in the previous assignment, promise me that you never again, I repeat, never again let you applications manipulate your databases as root.
You may get your world database back by using the bottom of Appendix A.
Login to your database client, consult your MySQL documentation and with the appropriate SQL declarations, create two new database users name reader, and maintainer. Both with appropriate passwords. Then do
grant select on user to reader@localhost;
grant update, delete, insert on user to maintainer@localhost;
Now, in your editor change your database params for the latest assignments, change root to reader, and add reader's password. Run assignment 4.0 again, and expect the drop of the world database to fail
Always use reader as the user of your PHP programs. Assign the select permission to the relevant tables to him. If you fail for lack of sufficient permissions, replace reader with maintainer
In your textbook, [Sul11] you know ;) Chapter 7 on pages 215 to 237, there are a large number of ideas for hacking databases. From logging in without password to reading the user table or even worse.
I want you to read those pages, and then make an attempt to utilize at least two different injections that we haven't tried before, prove that it can be done and show the results. Once you have the proof, you immunize, and then prove that it can no longer be done.
This might mean that to prove the vulnerabilities, you have to wortk with version of your code from before previous assignments immunized them.