How to exploit the SQL Injection Attack



Exploiting an SQL injection attack involves solving a puzzle that is a cross between Hangman and 20 Questions. It needs a little understanding of SQL and a great deal of cunning.

Try your hacking skills against this test system. It takes you through the exploit step by step.

The SQL injection attack allows external users to read details from the database. In a well-designed system this will only include data that is available to the public anyway. In a poorly designed system this may allow external users to discover other users' passwords.
Try these steps:


To gain access and find a user name, enter the string as both user name and password in the frame on the right. This should get you logged in as a user (jake happens to be the first user in the table). This tells you that Jake is a user and it allows you to access his account - but it does not tell you his password.

Find out if Jake's password includes the letter "w". Enter xxx as user name and enter the following string as the password:
' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''='


Find out if Jake's password has "w" as the third letter. Enter xxx as user name and enter the following string as the password:


' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%') AND ''='
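The two probes above work because the login query is built by pasting the input into the SQL text, which turns the login result into a yes/no answer about the password. As an added example (not code from this page or from the test system), the sketch below runs both probes against a concatenated login query and against a parameterized one that compares salted hashes. The table layout, the shape of the login query and jake's password are constructed assumptions.

```python
import hashlib, hmac, os, sqlite3

# Probe strings quoted from the steps above.
PROBE_ANY = "' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''='"
PROBE_THIRD = "' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%') AND ''='"

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data; schema and passwords are assumptions.
    The plaintext column exists only so the vulnerable login can run;
    a hardened system would store salt and hash alone."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, salt BLOB, pw_hash BLOB)")
    for name, pw in [("jake", "snowfall"), ("anna", "correct horse")]:
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                   (name, pw, salt, hash_pw(pw, salt)))
    return db

def login_vulnerable(db, user, password):
    # Input is pasted into the SQL text, so a quote in it changes the query's logic.
    sql = f"SELECT name FROM users WHERE name='{user}' AND password='{password}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, user, password):
    # Input is bound as data, and the password is never compared inside SQL.
    row = db.execute("SELECT name, salt, pw_hash FROM users WHERE name = ?",
                     (user,)).fetchone()
    if row is None:
        return None
    name, salt, pw_hash = row
    return name if hmac.compare_digest(hash_pw(password, salt), pw_hash) else None

if __name__ == "__main__":
    db = make_db()
    for label, probe in [("contains w", PROBE_ANY), ("third letter is w", PROBE_THIRD)]:
        print(f"{label}: vulnerable -> {login_vulnerable(db, 'xxx', probe)}, "
              f"hardened -> {login_hardened(db, 'xxx', probe)}")
    print("genuine login, hardened ->", login_hardened(db, "jake", "snowfall"))
```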

