Task $3$: SQL Injection Attack on UPDATE Statement

If a SQL injection vulnerability happens to an UPDATE statement, the damage will be more severe, because attackers can use the vulnerability to modify databases. In our Employee Management application, there is an Edit Profile page $($Figure $2)$ that allows employees to update their profile information, including nickname, email, address, phone number, and password. To go to this page, employees need to login first.

When employees update their information through the Edit Profile page, the following SQL UPDATE query will be executed. The PHP code implemented in unsafe$\_$edit.php file is used to update employee$$s profile information. The PHP file is located in the $/$var$/$www$/$seedlabsqlinjection$.$com$/$public$\_$html directory.

$conn $=$ getDB$()$;

$sql $=$ "UPDATE credential SET nickname$=\text{'}$$nickname', email$=\text{'}$$email',

address$=\text{'}$$address', phonenumber$=\text{'}$$phonenumber', Password$=\text{'}$$pwd$\text{'}$

WHERE id$=\text{'}$$input$\_$id$\text{'}"$;

$conn$->$query$($$sql$))$