{"id":671,"date":"2018-10-18T07:23:20","date_gmt":"2018-10-18T07:23:20","guid":{"rendered":"https:\/\/www.appservgrid.com\/paw92\/?p=671"},"modified":"2018-10-18T15:38:34","modified_gmt":"2018-10-18T15:38:34","slug":"owasp-security-shepherd-sql-injection-solution-lsb-ls-blog","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/18\/owasp-security-shepherd-sql-injection-solution-lsb-ls-blog\/","title":{"rendered":"OWASP Security Shepherd \u2013 SQL Injection Solution \u2013 LSB \u2013 ls \/blog"},"content":{"rendered":"<p>A <a href=\"https:\/\/www.owasp.org\/index.php\/SQL_injection\">SQL injection<\/a> attack consists of insertion or \u201cinjection\u201d of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert\/Update\/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of <a href=\"https:\/\/www.owasp.org\/index.php\/Top_10_2007-Injection_Flaws\">injection attack<\/a>, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/sql1.png?w=900\" alt=\"sql1\" \/><\/p>\n<p>With that in mind, let\u2019s tackle this Security Shepherd injection module. 
We are presented with a brief lesson telling us what SQL injection is, and to get the key we have to fool the database into giving us information that it would not normally divulge. So we need to craft an SQL query that gives us the information we want.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/sql2.png?w=900\" alt=\"sql2\" \/><\/p>\n<p>We are given a list of names, and if we type a name into the text field and hit enter, the database spits out some information on that person. So we need to find the name of someone who is hidden from us and whose record spits out the key to pass the module.<\/p>\n<p>Our SQL query will be entered into the text field above. We noticed immediately that, whatever we typed, the server would add a \u2018; at the end of the query. So if we include another \u2018 in our injection, that would cancel the one that the server adds. Then if we say something like \u2018and 1=1\u2019 and end the query, the database would send us back a Boolean YES, or a positive.<\/p>\n<p>We need to craft an SQL query that lists all rows and columns in the database. This proved to be tough and we tried many different queries, but the one that worked for us was the query below.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/linuxsecurityblog.files.wordpress.com\/2018\/09\/sql3.png?w=900\" alt=\"sql3\" \/><\/p>\n<p>That\u2019s how SQL injection works. We fooled the SQL database into giving us some information that was hidden from us. A nice module, and it took a while to crack, but we got there.<\/p>\n<p>Thanks for reading, and if you like what you\u2019ve read, please add a comment. 
Like and share too guys, it\u2019s appreciated.<\/p>\n<p>QuBits 2018-09-15<\/p>\n<p><a href=\"https:\/\/linuxsecurityblog.com\/2018\/09\/15\/owasp-security-shepherd-sql-injection-solution-lsb\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A SQL injection attack consists of insertion or \u201cinjection\u201d of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert\/Update\/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2018\/10\/18\/owasp-security-shepherd-sql-injection-solution-lsb-ls-blog\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;OWASP Security Shepherd \u2013 SQL Injection Solution \u2013 LSB \u2013 ls 
\/blog&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-671","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/671","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=671"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/671\/revisions"}],"predecessor-version":[{"id":800,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/671\/revisions\/800"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=671"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=671"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=671"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}