SQL Injection Web Lab Introduction
EvanAuth is a brand new startup out of UC Berkeley offering an authentication system. Unfortunately, their new intern has made a mistake and created a SQL injection vulnerability which will allow any user to change another user’s password! Your goal is to change the admin account’s password to a known value so you can log into it.
Setup + Running
1. Create a virtualenv: python3 -m venv .161venv 2. Activatethevirtualenv:
1. On Mac: source .161venv/bin/activate
2. On Windows: .\161venv\Scripts\activate
3. Update pip with python3 -m pip install –upgrade pip .
4. Install the Python requirements: pip install -r requirements.txt 5. Run the server with ./server.sh
Instructions:
1. Followtheinstructionsabovetosetupandruntheserverlocally.
2. Navigatetohttp://127.0.0.1:5000andpokearoundthewebsitealittle.Note:everytimeyourestart
the server it resets the database to its original state!
3. FigureouttheSQLInjectionvulnerability!Yourgoalistologintotheaccountwiththeusername “admin”. As you complete the SQL injection, note down the various inputs you fed into the website so you can use them for step 4. (Hint: since the source code is open to you it will be helpful to look into it. Check out main.py which has the relevant functions marked with a comment, as well as schema.sql for the DB table setup). It may also be helpful to read up on query parameterization in sqlite3 .
4. Placeyourinputsinorderintheinput.infilefollowingtheexampleinexample_input.in.Thefirst item on every line should be either Create_Account , Login , Initiate_Reset , or Reset and determines what call to make to the server based on the 4 types of inputs in the website
( Initiate_Reset corresponds to the form on the homepage and Reset corresponds to the actual reset password form). Arguments come after and are separated with the | character. Do not include the | character in any of your arguments (it’s not necessary to use it anywhere). To see what arguments each option takes look at example_input.in .
5. To test your solution: rerun the server via ./server.sh to reset its database, then leave it running and open a second terminal window to run python3 grader.py
It may be difficult to visualize the results of your injected query. To do this we would recommend adding in a print statement after the relevant conn.execute statement in main.py to print its output. Make sure to rerun the server when you do this so your changes will be reflected.
程序代写 CS代考 加微信: cstutorcs
You can also test SQL queries on the database directly as follows:
1. Open a new terminal window and activate the venv by following step 2 in Setup + Running. 2. Run python3
3. Intheinterpreterthatopensrunsomethingsimilartothefollowingtoexecuteaquery:
>>> import sqlite3
>>> conn = sqlite3.connect(‘database.db’)
>>> conn.row_factory = sqlite3.Row
>>> res = conn.execute(“SELECT username from users”).fetchall()
>>> res[0][‘username’]
程序代写 CS代考 加QQ: 749389476