$conn $=$ getDB$()$;

$sql $=$ "UPDATE credential SET nickname$=$$nickname$,$

email$=$$email$,$

address$=$$address$,$

phonenumber$=$$phonenumber$,$

Password$=$$pwd$$

WHERE id$=$$input$\_$id$"$;

$conn$->$query$($$sql$))$

Figure $2$: Edit Profile

$$ Task $3\mathrm{.}1$a: SQL Injection Attack on UPDATE Statement $$ modify salary. As shown in the Edit

Profile page, employees can only update their nicknames, emails, addresses, phone numbers,

and passwords; they are not authorized to change their salaries. Only the administrator is

allowed to make changes to salaries. If you are a malicious employee $($say Alice$),$ your goal in

this task is to increase your own salary via this Edit Profile page. We assume that you do know

that salaries are stored in a column called salary. This task is demonstrated for you in the video

you should practice this task but you do not need to submit any screen captures.

$$ Task $3\mathrm{.}2$: SQL Injection Attack on UPDATE Statement $$ modify other people$$ password. Using

the same vulnerability in the above UPDATE statement, malicious employees can also change

other people$$s data. The goal for this task is to modify another employee$$s password, and then

demonstrate that you can successfully log into the victim$$s account using the new password. The

assumption here is that you already know the name of the employee $($e$.$g$.$ Ryan$)$ on whom you

want to attack. One thing worth mentioning here is that the database stores the SHA$1$ hash

value of passwords instead of the plaintext password string. You can again look at the

unsafe$\_$edit.php code to see how password is being stored. It uses SHA$1$ hash function to

generate the hash value of password.

$$ Student task: Your next task is to modify Ryan's password $($EID $30000)$ so that you can log in as

him. This will be similar to the task you just completed, you will need to log in as Alice and go to

the edit profile page. Update Ryan's password which is stored in a column called password. One

important note is that the password is not stored in clear text but as a SHA$1$ hash. This means

you will need to convert the password you want to use to it's SHA$1$ has equivalent and store that

in the password field. You can use cyberchef to convert the password to SHA$1$ or there are

several other tools and websites which will do the same. Validate you have changed Ryan's

password by logging into the system as him. Provide the injection you utilized as well as a screen

capture of Ryan's employee information page you get after you log in$.$

$$ Task $3\mathrm{.}1$b: SQL Injection Attack on UPDATE Statement $$ modify other user's salary. Now

that you know how to modify your salary you decide you want to reduce the salary of Samy. You

have found Samy's EID is $40000$ and you want to change Samy's salary which is currently $40000$ to

$20000.$ Student task: Log in as Alice once again and go to the profile edit page. Execute an

injection which will change Samy's salary to $20000.$ Hint, you will need to use the WHERE clause

and Samy's EID. Provide the injection you utilized and make a screen capture of Samy's new

profile showing the updated salary. To verify your inject worked you will need to log into Samy's

profile, EID $40000,$ password seedsamy, you may only check your work, not modify his salary.