SQL Injection
In the Lecture Materials we have looked at SQL Injection.
Here we will dig deeper and try to find more information.
Getting Started: The Web Trainer
You can find the web trainer in the 6005 Lab Github Repo
Instructions for the Trainer
- Make sure you have Docker installed
- Run the compose file with
  $ sudo docker-compose up
- There will now be a website running on your machine at 127.0.0.1
Using WSL
If you are using WSL, the address will be the address of your WSL container.
You can find this with ip addr.
Tasks:
Login Bypass
- Try the login bypass example in Login Bypass
Stretch Goal
So we can log in as Admin. Can you think of a way we could manipulate the query to log in as someone else?
Database Enumeration
- Try the Database Enumeration example in Database Enumeration