Project SQL-X2 for CNIT 123: Fixing MySQL (10 pts.)

Requirements

You will need a Linux machine with SQLol on it, including the simple page, which you prepared in previous projects. Any version is OK, but these instructions were written using BackTrack 5 R3.

Testing the "Find Users" Page

In your Linux machine, in Firefox, go to

localhost/sqlol/search.htm

A "Find Users" page opens, as shown below:

In the Name field, type

O'Neil

Click the Submit button.

You should see a SQL syntax error, as shown below:

This error indicates a SQL injection vulnerability.

Fixing the SQL Injection Vulnerability

In a Terminal window, execute these commands:

cd /var/www/sqlol

cp search.php old-search.php

nano search.php

Find the existing code marked with a comment saying "PATCH VULNERABLE CODE HERE", as shown below:

Add this line under the comment:

$q = mysql_real_escape_string($q);

Your code should now look like the image shown below:

Save the page with Ctrl+X, Y, Enter.

This line adds a backslash before each quotation mark in $q, so a quote in the input is read as part of the search string instead of ending it. That prevents the SQL syntax error.

Testing the Fixed Page

In your Linux machine, in Firefox, go to

localhost/sqlol/search.htm

A "Find Users" page opens, as shown below:

In the Name field, type

O'Neil

Click the Submit button.

Now, instead of an error, you see a table showing that no results were found, as shown below:

You can see how the fix works: the URL shows the original search string, O'Neil, but the top of the results Web page shows the escaped version, O\'Neil.
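An added example, not part of the original project or of SQLol: the same O'Neil search done with a PDO prepared statement instead of escaping, next to the concatenated form that produces the syntax error. The users table, its columns and rows, and the in-memory SQLite database (used so the script runs without the lab's MySQL server) are assumptions.

```php
<?php
// Added example: table, columns and rows are constructed. SQLite in memory
// stands in for the lab's MySQL database so this runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('Smith'), ('O''Neil')");

// Unpatched pattern: the input is pasted into the SQL text.
function search_concat(PDO $db, string $q): array {
    $sql = "SELECT id, name FROM users WHERE name = '$q'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized pattern: the SQL text is fixed and the input is bound as data.
function search_prepared(PDO $db, string $q): array {
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute([':name' => $q]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$q = "O'Neil";   // same test input as the project

try {
    search_concat($db, $q);
    echo "concatenated: no error\n";
} catch (PDOException $e) {
    // The quote in O'Neil ends the string literal early, leaving stray SQL behind it.
    echo "concatenated: ", $e->getMessage(), "\n";
}

// The bound value is never parsed as SQL, so the stored name matches unchanged.
$rows = search_prepared($db, $q);
echo "prepared: ", count($rows), " row(s)\n";
foreach ($rows as $r) {
    echo $r['id'], " ", $r['name'], "\n";
}
```

PDO is used here because the mysql_* functions, including mysql_real_escape_string, were removed in PHP 7. Run it from a terminal with the php command-line interpreter.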

Saving the Screen Image

Make sure the query of O'Neil is visible in the URL bar of the Firefox window, and the table appears rather than a SQL error message.

Save a screen image with the filename Proj SQL-X2 from Your Name.

Turning in Your Project

Email the image to cnit.123@gmail.com with a Subject line of Proj SQL-X2 from Your Name.

Sources

http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php


Last modified: 3:18 pm 12-31-12