From d4c882a1c7b348b129d0ca8b8113ffd197c2105f Mon Sep 17 00:00:00 2001 From: cktricky Date: Thu, 17 Apr 2014 08:09:02 -0400 Subject: [PATCH] Fixes #107. Added some verbiage surrounding the SQL Injection tutorial --- app/views/layouts/tutorial/injection/_injection_first.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/layouts/tutorial/injection/_injection_first.html.erb b/app/views/layouts/tutorial/injection/_injection_first.html.erb index 608c9e2..ac88daa 100755 --- a/app/views/layouts/tutorial/injection/_injection_first.html.erb +++ b/app/views/layouts/tutorial/injection/_injection_first.html.erb @@ -91,7 +91,7 @@ utf8=✓&_method=put&authenticity_token=GXhLKKhfBXdFx5i6iqHEd5E32Kebn1+G35eA87RW1tU=& user[user_id]=5&user[email]=ken@metacorp.com&user[first_name]=Ken&user[last_name]=Johnson&user[password]=testtest&user[password_confirmation]=testtest

- Now we will inject some SQL Query syntax that will return the first result of a query that looks for users that have an admin attribute that is true. So essentially, instead of looking up the user whose data we will change by our user ID, we tell the database to return the first admin and update their data. In this instance, we are changing admin@metacorp.com's password to testtest. We can later login as that user. Granted, we could just change the user_id to 1 and do the same thing, and there are other ways to exploit this weakness but this is a clear-cut example of SQL Injection. + Now we will inject some SQL Query syntax that will return the first result of a query that looks for users that have an admin attribute that is true. So essentially, instead of looking up the user whose data we will change by our user ID, we tell the database to return the first admin and update their data. In this instance, we are changing admin@metacorp.com's password to testtest. We can later login as that user. Granted, we could just change the user_id to 1 and do the same thing, and there are other ways to exploit this weakness but this is a clear-cut example of SQL Injection. It is important to note that we have omitted the email, first, and last name parameters as a duplicate email address will cause errors. Additionally, we do not wish to change the admin's first and last name as this would alert the admin to the "hack".

 				POST /users/5.json HTTP/1.1
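Review bot: the new sentence in the `+` line says the email, first-name and last-name parameters have been omitted, but the only request body visible in the surrounding context (the `utf8=✓&_method=put&...` line above the change) still carries `user[email]`, `user[first_name]` and `user[last_name]`, so a reader cannot tell which request the omission applies to; either say explicitly that the request shown below the paragraph is the trimmed one, or show the reduced parameter string next to the original so the difference is visible. Two style points in the same line: "We can later login as that user" should read "log in" (verb form), and "the email, first, and last name parameters" reads better as "the email, first name and last name parameters". Since this is tutorial copy, it would also help the learner if the paragraph closed with why the injection works (the lookup key is taken straight from the request and placed in the query) and what the fix is (parameterized queries or ActiveRecord finders), so the page teaches the mitigation alongside the weakness it demonstrates.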