Due on 16.12.2011 23:55:00.
In the VIP - SQL Injection
A friend of yours has asked you to perform a security audit on the members administration of her golf club. She asks you to test if there are any security issues concerning the MySQL database implementation. She gives you a short introduction to the system, but leaves you to find out other information you need for your test:
- First step: Try to login without having any user data.
- Second step: Find out which of the members has the highest balance on his/her account. You will not be able to see the balance on the website, you must find it out by passing an appropriate SQL query to the server.
- Third step: There is a members database which consists of two tables "regular" and "vip". Find out the "memberno" of the member who had the highest balance in step two. Every member's "name" has a suffix "(reg)" or "(VIP)" - this way you will recognize which table you are operating on. Again, you will not be able to see the "memberno" on the website but you must try to find it by using an appropriate SQL query.
Be aware that SQL injection can be a cumbersome task and it may take a while to find the right query. Therefore it is advisable to start the assignment early and come back to it after a while when you seem to be stuck. You might want to read up a bit on SQL syntax and search for information on SQL injection. In this assignment you will exercise what is called a "Blind SQL injection", which means you will not get any error messages from the server if the query you passed is wrong or doesn't yield any results. Note that in this exercise no output can mean you are on the right track.
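To see why a login form like the one in this assignment can be injectable, and why the server stays silent ("blind"), here is an added illustration that is not part of the assignment or the golf club's application. It builds a throwaway SQLite database with the two tables the assignment names, `regular` and `vip`; the column names `password` and `balance` and the sample rows are constructed assumptions. The vulnerable login concatenates user input into the SQL text and swallows database errors, so any input containing a quote silently changes or breaks the query; the hardened login passes the same values as bound parameters, so they can only ever be data.

```python
import sqlite3

# Constructed schema and sample data (assumption: the real application also has
# a password column; the page only names the tables, "memberno" and "name").
SCHEMA = """
CREATE TABLE regular (memberno INTEGER, name TEXT, password TEXT, balance REAL);
CREATE TABLE vip     (memberno INTEGER, name TEXT, password TEXT, balance REAL);
INSERT INTO regular VALUES (101, 'Anna (reg)',     'pw-anna',  120.50);
INSERT INTO regular VALUES (102, 'O''Brien (reg)', 'pw-ob',     75.00);
INSERT INTO vip     VALUES (201, 'Clara (VIP)',    'pw-clara', 980.00);
"""


def open_db():
    """Return an in-memory SQLite connection loaded with the sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_unsafe_query(name, password):
    """The vulnerable pattern: user input is pasted into the SQL text.
    A quote in either field ends the string literal early, so the rest of
    the input is parsed as SQL instead of being treated as data."""
    return ("SELECT memberno FROM regular WHERE name = '" + name
            + "' AND password = '" + password + "'")


def login_unsafe(conn, name, password):
    """Vulnerable login. Database errors are caught and turned into "no
    output", which is exactly the behaviour that makes the injection blind:
    the caller cannot tell a failed query from a wrong password."""
    try:
        row = conn.execute(build_unsafe_query(name, password)).fetchone()
    except sqlite3.Error:
        return None
    return row[0] if row else None


def login_safe(conn, name, password):
    """Hardened login: bound parameters. The database receives the query
    structure and the values separately, so a quote in the input is just a
    quote inside a string and the member named O'Brien can log in."""
    row = conn.execute(
        "SELECT memberno FROM regular WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    for user, pw in [("Anna (reg)", "pw-anna"), ("O'Brien (reg)", "pw-ob")]:
        print(user, "unsafe ->", login_unsafe(db, user, pw),
              "| safe ->", login_safe(db, user, pw))
        print("  query text:", build_unsafe_query(user, pw))
```

Running it shows the two functions agreeing for a plain name and disagreeing for a legitimate name that merely contains an apostrophe: the concatenated query becomes `... name = 'O'Brien (reg)' ...`, which no longer parses, and the vulnerable handler reports nothing. Auditing for this pattern (SQL text assembled from request data, with errors silently discarded) is the defender's side of the exercise; the fix is to use parameterized statements everywhere user input reaches the database.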
Please answer the following questions:
- Write down the exact input that enabled you to login to the website. Explain why that worked!
- Write down the exact input that gave you the member with the highest balance. Write down the name and the balance!
- Write down the name and memberno of the member with the highest balance from step two. Is it a regular or VIP member? Also write down the exact query that led to the result!