CS 334: SQL Injection Exploration

Administrative info

This assignment should be done individually. You can share ideas with other people, but the actual work you do should be your own.

Your task

Work through this awesome set of labs on SQL injection attacks. Specifically, click on the button labeled "User Guide," and click on each section as you go. Some of the sections point to an actual exercise, labeled as a "Level", e.g. "Level 1," "Level 2," etc. In the User Guide, there will be a button that links to a particular level; do the exercise that goes with it.

There are 12 "levels", i.e. exercises, to do. The solutions to the first four are given in the user guide. I encourage you to try them first before looking at the solution. For the remaining levels, the user guide usually gives hints, but not an actual solution.

What to submit

Submit to Moodle a text file that contains your solutions for Levels 5 through 12. For many of these, your solution is simply a string that you need to enter into the website. In that case, you should simply paste into this file the string that is your solution. For some of these levels, the solution is more of a procedure; you need to enter multiple strings in succession in order to solve the problem. In that case, your solution file should contain each of the strings you needed to enter in order, and/or a brief description of the procedure that you need to follow to solve the problem.

One of these (perhaps, maybe two?) requires you to go through a fairly long manual process to get the final solution, but there's a point pretty early in the process when you'll know that you've figured out the concept and you just don't want to do variations on a theme a few dozen more times. If you find you're in that situation, you can stop at that level and explain in your solution file what the procedure is that you would follow to solve that problem.

Happy attacking!