Question: : Suppose, some database contains two tables: The program requests a name and a password and outputs the personal number (ps_id) in addition to name

: Suppose, some database contains two tables:

The program requests a name and a password and outputs the personal number (ps_id) in addition to name (name) and password (passwd) (cf. Figure 1). This, of course, only happens, if the name - password combination matches the person's entry. To achieve this, the SQL-query shown above is created.

Task 1a) Which programming errors are exploited by SQL-Injection attacks?

Task 1b) How can you get all names and passwords in the table by a technique called SQL injection, although you have no idea, how many users are in that table or what their names are? Moreover, you don't know a single password! Show what to enter at both input fields!

Task 1b) Are you able to find out the number of products in the table products (number of products corresponds to the number of rows in table)? If yes: Show what to enter at both input fields!

Hint 1: Assume, no measurements for the defence against SQL injection were taken.

Hint 2: Please note: You cannot change the program!

Hint 3: Please note: You have no direct database account. That is, you cannot enter any complete SQL statement!

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

This capstone project will simulate a food vendor application, which will maintain a food menu and user database, allow for customer ordering, as well as administrative management of customer and...

Show me the steps to solve This Milestone uses incremental programming. The autograder's unit tests will test each method individually ( with the exception of Step 1 ' s database setup methods, which...

Show me the steps to solve in python This Milestone uses incremental programming. The autograder's unit tests will test each method individually ( with the exception of Step 1 ' s database setup...

Can you please help me with this case problem? AICPA Case Development Program. Case No. 2000-02: Recreation, Inc Case No. 2000-02: Recreation, Inc. 1 AICPA Case Development Program RECREATION, INC....

He want us to identify the 18 vulnerabilities. template is attach. Case No. 2000-02: Recreation, Inc. 1 AICPA Case Development Program RECREATION, INC. AN INFORMATION TECHNOLOGY RISK ASSESSMENT CASE...

Risk Assestment Project - Identify 18 Vulnerabilit AICPA Case Development Program Case No. 2000-02: Recreation, Inc. ? 1 RECREATION, INC. AN INFORMATION TECHNOLOGY RISK ASSESSMENT CASE STUDY OF...

This policy will be reviewed no later than 5 years of its authorisation date. At this point it will need to be re-authorised by the relevant authority at Xxz Financial Services Version Published...

A discrete sequence {xn} can be converted into a continuous representation x(t) = ts X n= (t n ts) xn, where ts is the sampling period. (a) State two characteristic properties of Dirac's function. [2...

The assignment specification The java file JabberServer.java package com.bham.fsd.assignments.jabberserver; import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet;...

haa23684_PlugInT6CD.qxd 9/6/06 5:38 PM Page 2 CONFIRMING PAGES P L U G - I N T6 Basic Skills and Tools Using Access LEARNING OUTCOMES 1. Describe the primary functions using Microsoft Access. 2....

Q1. With respect to the block diagram shown in Figure 1, answer the following: (ii) The damping factor is to be increased to 0.9 by including a derivative output compensation. Find the value of kt to...

Your friend is considering investing in TRW.Corp stock at $14/share and then he plans to sell the stock for $18 after collecting a previously announced $1.00/share dividend. Based on this...

I need a unique response to this discussion post. With one APA in-text citation and one APA reference. Kayla Walker Economic Value Added (EVA) is a financial performance metric that calculates a...

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

The employee interested in job sharing must find another employee performing the same job who wants reduced work hours.

The job sharers need to have similar work values and motivations. Otherwise, interpersonal conflicts will interfere with the completion of assignments.

The impact of job sharing on clients and customers must be determined. If satisfying client and customer needs is compromised (if customers want one consistent contact person, for example), job...