Page 1 of 13 Assignment 6 This assignment includes hands-on exercises in the Oracle VM. It has two Parts. Part 1 is SQL Injection Lab and Part 2 is Encryption Lab. Deliverables You will be submitting evidence that you have completed all steps in this assignment by documenting each step including the input and output of the queries/scripts in SQL*Plus. Also include screen captures and explanations where appropriate. Include both Part 1 and Part 2 in a single file. Name this file as lastnameFirstname_assign6.doc. Upload the files to the Blackboard. Part 1. SQL Injection Lab Purpose The goal of this lab is to demonstrate SQL Injection techniques to exploit vulnerabilities in application code and gain access to sensitive database information. Setup This lab should be performed under the Oracle Linux VM provided in the course. 1. Start your Oracle Linux VM through the Oracle VM VirtualBox Manager. 2. Login as the Oracle user. Username: oracle Password: metcs674 3. Double-click the "Firefox Web Browser" icon (Figure 1) on the Desktop. Figure 1: Firefox Icon 4. In the browser address field type the URL: http://localhost:8888/sql_injection/ 5. The “SQL Injection Examples” page opens (Figure 2).
13
Embed
20140305 Assignment 6 - Transtutors · Page 1 of 13 Assignment 6 This assignment includes hands-on exercises in the Oracle VM. It has two Parts. Part 1 is SQL Injection Lab and Part
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1 of 13
Assignment 6
This assignment includes hands-on exercises in the Oracle VM. It has two Parts. Part 1 is SQL
Injection Lab and Part 2 is Encryption Lab.
Deliverables
You will be submitting evidence that you have completed all steps in this assignment by
documenting each step including the input and output of the queries/scripts in SQL*Plus. Also
include screen captures and explanations where appropriate.
Include both Part 1 and Part 2 in a single file. Name this file as lastnameFirstname_assign6.doc.
Upload the files to the Blackboard.
Part 1. SQL Injection Lab
Purpose
The goal of this lab is to demonstrate SQL Injection techniques to exploit vulnerabilities in
application code and gain access to sensitive database information.
Setup
This lab should be performed under the Oracle Linux VM provided in the course.
1. Start your Oracle Linux VM through the Oracle VM VirtualBox Manager.
2. Login as the Oracle user.
Username: oracle
Password: metcs674
3. Double-click the "Firefox Web Browser" icon (Figure 1) on the Desktop.
Figure 1: Firefox Icon
4. In the browser address field type the URL: http://localhost:8888/sql_injection/
5. The “SQL Injection Examples” page opens (Figure 2).
Page 2 of 13
Figure 2: SQL Injection Examples Page
Once you have the “SQL Injection Examples” page open, follow the instructions for each of the
four parts of the lab below.
Part 1-1
For Part 1-1 of the assignment you will use the search application (Figure 3) located on the VM