[Solved] CSCI 4380 Lab 6 SQL Injection

$25

File Name: CSCI_4380__Lab_6__SQL_Injection.zip
File Size: 292.02 KB

SKU: [Solved] CSCI 4380 – Lab 6 – SQL Injection Category: Tag:
5/5 - (1 vote)

For this lab, you will use your knowledge of SQL and SQL-Injection vulnerabilities to construct several strings to attack vulnerable code.

The `input.txt` file currently shows what would be normal or safe input for each of several queries, one input per line. You need to create unsafe input which will take advantage of the vulnerabilities written into the code.

As with Homework 5, you can run `python -m unittest restaurant_test.py`, after modifying the expected connection details at the top of the file.

## Assignment

Each test will use only one line of the input file, and each test will start with a fresh install of the schema. The goal of each test is defined here:

### Test One

Output all ingredients in the database, rather than just one.

### Test Two

The objective is the same as for Test One: Output all ingredients in the database, rather than just one.

Note that here, the `Restaurant` class makes an attempt at a more sophisticated method for constructing the query.

### Test Three

The Restaurant class provides a `find_course_recipes` method to find all the recipes for a given course. Note that it will exclude any recipes marked as experimental.

Here, your SQL Injection attack should return all the recipes for the Dessert course, including the experimental ones.

### Test Four

Sabotage the restaurant by defaulting the `filled` values on all new orders to `now()`

(Remember that you can use `ALTER TABLE mytable ALTER COLUMN mycolumn ` to modify the definition of an existing table)

### Test Five

This has the same objective as Test Three: return all the recipes (including experimental ones) for the Dessert course.

Note that here, an attempt has been made by the creators of the `Restaurant` class to sanitize user data.

Reviews

There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

Shopping Cart
[Solved] CSCI 4380 Lab 6 SQL Injection
$25