SQL Injection. Blossom Hands-on exercises for computer forensics and security
|
|
- Brendan Spencer
- 8 years ago
- Views:
Transcription
1 Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit SQL Injection BLOSSOM Manchester Metropolitan University (Funded by Higher Education Academy) l.han@mmu.ac.uk
2 1. Learning Objectives This lab aims to understand SQL injection. 2. Preparation 1) Under Linux environment 2) Files that you will need from /home/user/blossomfiles/sqlinjection: 'sqlinjection.php' 3) Some documents that you may need to refer to: 3. Tasks 'Virtual-MachineGuide.pdf' Linux-Guide.pdf BLOSSOM-UserGuide.pdf Setup & Installation: Start a single virtual machine as you have done with previous exercises (see Virtual Machine Guide) # kvm -cdrom /var/tmp/blossomfiles/blossom-0.98.iso -m 512 -net nic,macaddr=52:54:00:12:34:57 -net vde -name node-one Set the extension for mysql in PHP to 'mysql.so' using the following commands, and then restart the apache2 server: # gedit /etc/php5/apache2/php.ini > extension=mysql.so # /etc/init.d/apache2 restart
3 Task 1 MYSQL 1.1 Nearly all databases that you see in use on websites are provided by either MYSQL(*nix systems) or SQL Server(Microsoft). In these labs we will be using MYSQL. Unlike other database software you may already be familiar with, such as Microsoft Access, it's very easy to access the databases through a variety of programming languages. Like most websites, we will be accessing the MYSQL databases through PHP, a server side language. Typically, the routine for accessing a MYSQL database is as follows: 1) Connect to the MYSQL backend, using the address, password and user 2) Select the correct database 3) Assemble a MYSQL query (or command) 4) Query the database, checking the query is valid. 5) Read the results if required. 1.2 The SQL query syntax is very easy to learn, below are some examples that you can adapt for use in the lab. SELECT * from ANIMALS; The above displays the entire table `ANIMALS' SELECT * from ANIMALS WHERE animal=`chicken'; Displays all data about chickens from table, `ANIMALS' SELECT animal from ANIMALS WHERE name=`dave'; Returns a list of animals called Dave You can also write data into a table using the following SQL commands as examples: INSERT INTO ANIMALS (id, name, animal, favcrisps) VALUES (1, "Jim", "cow", "Salt and Vinegar"); Inserts data into table ANIMALS about Jim the cow
4 INSERT INTO ANIMALS (id, animal, favcrisps, name) VALUES (1, "Chicken", "Doesn't Like Crisps", "Dave"), (2, "Pig", "Bacon", "Sam"), (3, "Dog", "Ready Salted", "Lauren"); Inserts multiple rows of data, in the given order Rows can be altered using commands similar to the following command too: UPDATE ANIMALS SET name=`percy' WHERE animal='pig'; Renames all pigs Percy The above commands should be sufficient for this exercise, more commands can be found in the MYSQL reference manual at We now need to create the basic tables that will be used for this task. Start mysql and create a table using the following commands: #mysql -u root -p # mypass > CREATE DATABASE users; > USE users; > CREATE TABLE people (id int NOT NULL AUTO_INCREMENT, PRIMARY KEY(id), name varchar(15), varchar(20)); > INSERT INTO people(id,name, ) VALUES (1,'Betty','bo@illumati.com'), (2,'Jamie','jh@something.com'); This will provide us with enough data to perform some basic SQL Injections. Task 2 SQL Injection 2.1 Due to the nature of the MYSQL syntax, it is possible to extend the intended command to perform other commands. Below is a simple example of SQL injection implemented through a PHP page: <?php //sweetstock.php //This PHP page returns the number of items in stock for given sweet //Connect to the mysql database mysql_connect(`localhost', `root', `mypass');
5 //Select database sweets mysql_select_db(`sweets'); //Get sweet name from url $name = $_GET[`sweet']; //Construct a mysql query $cmd = sprintf("select stock FROM stock WHERE sweet='%s'", $name); //mysql returns an array of results $result = mysql_query("$cmd"); //Open the result array with this while loop //Keep echoing the first column of the result until none left while($row = mysql_fetch_array($result)){ echo "$row[0]"; }?> When the above PHP page is called with ' the website will return the number of milkbottles in stock. The MYSQL command is assembled to be: SELECT stock FROM stock WHERE sweet=`milkbottles' However, if we access the following URL, ' The query will become: SELECT stock FROM stock WHERE sweet='milkbottles' OR '1' = '1' Which is always TRUE. The program will output all stock for all sweets; we have performed an SQL Injection. By injecting the URL, we have obtained information from a MYSQL database that we shouldn't have. This may not seem like much, but in some cases it's possible to completely escape the command, changing tables and accessing other information. There are hundreds of examples of SQL injection being used in just this way to obtain people's personal information. 2.2 Now we can look at an SQL Injection for ourselves. Move the file that you downloaded earlier called 'sqlinjection.php' into a directory under /var/www/: # mkdir /var/www/sql # cp sqlinjection.php /var/www/sql
6 Open up a browser and navigate to ' We should be confronted with a few messages stating the success of the connection, the basis of the query being used in this example, and a message telling us that the query is not valid due to the fact that not data has been read in to the PHP page. Using the browser, type the following in to the URL address bar: > This should then display the ID number attached to the name Betty, and it should because this is how the page is meant to function; however, due to the fact that the code is vulnerable to an SQL Injection, we can input the following URL in to the browser in order to obtain more information: > OR ='bo@illumati.com This will display the ID number attached to the 'bo@illumati.com'. We have managed to enter the rest of the query in to the address bar due to the code's vulnerabilities. Even though this is a very simple example, it's quite easy to understand the potential of an SQL Injection. Try to input a URL into the browser that will output the ID number for every single row from the table. HINT: Refer back to the milkbottles example in task We should have developed quite an understanding of how an SQL Injection is performed, so we will now take a brief look in to how we can prevent them. Open up the source code for 'sqlinjection.php' and look at it, you should be able to make sense of what's happening at each bit of code. Take a look at the commented out line which when uncommented will apply the method 'mysql_real_escape_string()' to the variable '$user' and then store it in '$validuser'. After uncommenting this line, change the variable '$user' on the next line to '$validuser'. This will remove certain special characters such as apostrophes, quotation marks or new line characters by prepending them with backslashes, which should render the query as invalid. This is known as Input Validation and it is something that should be done whenever trying to prevent SQL code from potential injections. Try using one of the URLs we used earlier and take note of the difference.
Introduction to Websites & Dynamic Content
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationNetwork Forensics Network Traffic Analysis
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationForensic Imaging and Artifacts analysis of Linux & Mac (EXT & HFS+)
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationNetwork Attacks. Blossom Hands-on exercises for computer forensics and security
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationMultimedia im Netz Online Multimedia Winter semester 2015/16
Multimedia im Netz Online Multimedia Winter semester 2015/16 Tutorial 04 Minor Subject Ludwig-Maximilians-Universität München Online Multimedia WS 2015/16 - Tutorial 04 (NF) - 1 Today s Agenda Repetition:
More informationSQL Injection Attack Lab Using Collabtive
Laboratory for Computer Security Education 1 SQL Injection Attack Lab Using Collabtive (Web Application: Collabtive) Copyright c 2006-2011 Wenliang Du, Syracuse University. The development of this document
More informationNetwork Packet Analysis and Scapy Introduction
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationSQL Injection Attack Lab
Laboratory for Computer Security Education 1 SQL Injection Attack Lab Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science Foundation
More informationLAMP Quickstart for Red Hat Enterprise Linux 4
LAMP Quickstart for Red Hat Enterprise Linux 4 Dave Jaffe Dell Enterprise Marketing December 2005 Introduction A very common way to build web applications with a database backend is called a LAMP Stack,
More informationApplication note: SQL@CHIP Connecting the IPC@CHIP to a Database
Application note: SQL@CHIP Connecting the IPC@CHIP to a Database 1. Introduction This application note describes how to connect an IPC@CHIP to a database and exchange data between those. As there are no
More informationINSTALLING, CONFIGURING, AND DEVELOPING WITH XAMPP
INSTALLING, CONFIGURING, AND DEVELOPING WITH XAMPP by Dalibor D. Dvorski, March 2007 Skills Canada Ontario DISCLAIMER: A lot of care has been taken in the accuracy of information provided in this article,
More informationPython Scripting with Scapy
Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative
More informationUQC103S1 UFCE47-20-1. Systems Development. uqc103s/ufce47-20-1 PHP-mySQL 1
UQC103S1 UFCE47-20-1 Systems Development uqc103s/ufce47-20-1 PHP-mySQL 1 Who? Email: uqc103s1@uwe.ac.uk Web Site www.cems.uwe.ac.uk/~jedawson www.cems.uwe.ac.uk/~jtwebb/uqc103s1/ uqc103s/ufce47-20-1 PHP-mySQL
More informationLAMP : THE PROMINENT OPEN SOURCE WEB PLATFORM FOR QUERY EXECUTION AND RESOURCE OPTIMIZATION. R. Mohanty Mumbai, India
LAMP : THE PROMINENT OPEN SOURCE WEB PLATFORM FOR QUERY EXECUTION AND RESOURCE OPTIMIZATION R. Mohanty Mumbai, India INTRODUCTION TO MAJOR WEB DEVELOPMENT PLATFORMS The concurrent online business transactions
More informationCSCI110 Exercise 4: Database - MySQL
CSCI110 Exercise 4: Database - MySQL The exercise This exercise is to be completed in the laboratory and your completed work is to be shown to the laboratory tutor. The work should be done in week-8 but
More informationA SQL Injection : Internal Investigation of Injection, Detection and Prevention of SQL Injection Attacks
A SQL Injection : Internal Investigation of Injection, Detection and Prevention of SQL Injection Attacks Abhay K. Kolhe Faculty, Dept. Of Computer Engineering MPSTME, NMIMS Mumbai, India Pratik Adhikari
More informationMul$media im Netz (Online Mul$media) Wintersemester 2014/15. Übung 03 (Nebenfach)
Mul$media im Netz (Online Mul$media) Wintersemester 2014/15 Übung 03 (Nebenfach) Online Mul?media WS 2014/15 - Übung 3-1 Databases and SQL Data can be stored permanently in databases There are a number
More informationUSING MYWEBSQL FIGURE 1: FIRST AUTHENTICATION LAYER (ENTER YOUR REGULAR SIMMONS USERNAME AND PASSWORD)
USING MYWEBSQL MyWebSQL is a database web administration tool that will be used during LIS 458 & CS 333. This document will provide the basic steps for you to become familiar with the application. 1. To
More informationUlteo Open Virtual Desktop Installation
Ulteo Open Virtual Desktop Installation Copyright 2008 Ulteo SAS - CONTENTS CONTENTS Contents 1 Prerequisites 2 1.1 Installation of MySQL....................................... 2 2 Session Manager (sm.ulteo.com)
More informationBackup and Restore MySQL Databases
Backup and Restore MySQL Databases As you use XAMPP, you might find that you need to backup or restore a MySQL database. There are two easy ways to do this with XAMPP: using the browser-based phpmyadmin
More informationCPE111 COMPUTER EXPLORATION
CPE111 COMPUTER EXPLORATION BUILDING A WEB SERVER ASSIGNMENT You will create your own web application on your local web server in your newly installed Ubuntu Desktop on Oracle VM VirtualBox. This is a
More informationA table is a collection of related data entries and it consists of columns and rows.
CST 250 MySQL Notes (Source: www.w3schools.com) MySQL is the most popular open-source database system. What is MySQL? MySQL is a database. The data in MySQL is stored in database objects called tables.
More informationPHP Authentication Schemes
7 PHP Authentication Schemes IN THIS CHAPTER Overview Generating Passwords Authenticating User Against Text Files Authenticating Users by IP Address Authenticating Users Using HTTP Authentication Authenticating
More informationUser's Guide and Software Design of. Job Tracking System for the NTC s Machine Shop 2006-01-05. Version 2.0
User's Guide and Software Design of Job Tracking System for the NTC s Machine Shop 2006-01-05 Version 2.0 File: \\CVFILER\cv-cdl-sis\MeasSys\Tasks\ShopTrackSys2.doc Page i Printed: 2006-01-05 12:54:59
More informationAJ Matrix V5. Installation Manual
AJ Matrix V5 Installation Manual AJ Square Consultancy Services (p) Ltd., The Lord's Garden, #1-12, Vilacheri Main Road, Vilacheri, Madurai-625 006.TN.INDIA, Ph:+91-452-3917717, 3917790. Fax : 2484600
More informationDesigning for Dynamic Content
Designing for Dynamic Content Course Code (WEB1005M) James Todd Web Design BA (Hons) Summary This report will give a step-by-step account of the relevant processes that have been adopted during the construction
More informationThe Whole OS X Web Development System
The Whole OS X Web Development Title slide Building PHP/MySQL Web Databases for OS X Scot Hacker Webmaster, UC Berkeley s Graduate School of Journalism The Macworld Conference on Dreamweaver January 6-7,
More informationInstallation Instructions
Installation Instructions 25 February 2014 SIAM AST Installation Instructions 2 Table of Contents Server Software Requirements... 3 Summary of the Installation Steps... 3 Application Access Levels... 3
More informationSugar Open Source Installation Guide. Version 4.5.1
Sugar Open Source Installation Guide Version 4.5.1 Sugar Open Source Installation Guide Version 4.5.1, 2007 Copyright 2004-2007 SugarCRM Inc. www.sugarcrm.com This document is subject to change without
More informationInstallation documentation for Ulteo Open Virtual Desktop
Installation documentation for Ulteo Open Virtual Desktop Copyright 2008 Ulteo SAS - 1 PREREQUISITES CONTENTS Contents 1 Prerequisites 1 1.1 Installation of MySQL.......................................
More informationWebapps Vulnerability Report
Tuesday, May 1, 2012 Webapps Vulnerability Report Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE Impact Professional during
More informationAbout This Document 3. About the Migration Process 4. Requirements and Prerequisites 5. Requirements... 5 Prerequisites... 5
Contents About This Document 3 About the Migration Process 4 Requirements and Prerequisites 5 Requirements... 5 Prerequisites... 5 Installing the Migration Tool and Enabling Migration 8 On Linux Servers...
More informationApache and Virtual Hosts Exercises
Apache and Virtual Hosts Exercises Install Apache version 2 Apache is already installed on your machines, but if it was not you would simply do: # apt-get install apache2 As the root user. Once Apache
More informationUsage Tracking for IBM InfoSphere Business Glossary
Usage Tracking for IBM InfoSphere Business Glossary InfoSphere Business Glossary Version 8.7 and later includes a feature that allows you to track usage of InfoSphere Business Glossary through web analytics
More informationPHP Tutorial From beginner to master
PHP Tutorial From beginner to master PHP is a powerful tool for making dynamic and interactive Web pages. PHP is the widely-used, free, and efficient alternative to competitors such as Microsoft's ASP.
More informationIBM DB2 for Linux, UNIX, and Windows. Deploying IBM DB2 Express-C with PHP on Ubuntu Linux
IBM DB2 for Linux, UNIX, and Windows Best practices Deploying IBM DB2 Express-C with PHP on Ubuntu Linux Craig Tobias Software Developer IBM Canada Laboratory Farzana Anwar DB2 Information Developer IBM
More informationE-Commerce: Designing And Creating An Online Store
E-Commerce: Designing And Creating An Online Store Introduction About Steve Green Ministries Solo Performance Artist for 19 Years. Released over 26 Records, Several Kids Movies, and Books. My History With
More informationOracle Database 10g Express
Oracle Database 10g Express This tutorial prepares the Oracle Database 10g Express Edition Developer to perform common development and administrative tasks of Oracle Database 10g Express Edition. Objectives
More informationA Brief Introduction to MySQL
A Brief Introduction to MySQL by Derek Schuurman Introduction to Databases A database is a structured collection of logically related data. One common type of database is the relational database, a term
More informationAdvanced Web Security, Lab
Advanced Web Security, Lab Web Server Security: Attacking and Defending November 13, 2013 Read this earlier than one day before the lab! Note that you will not have any internet access during the lab,
More informationAdvanced Tornado TWENTYONE. 21.1 Advanced Tornado. 21.2 Accessing MySQL from Python LAB
21.1 Advanced Tornado Advanced Tornado One of the main reasons we might want to use a web framework like Tornado is that they hide a lot of the boilerplate stuff that we don t really care about, like escaping
More informationHadoop Basics with InfoSphere BigInsights
An IBM Proof of Technology Hadoop Basics with InfoSphere BigInsights Part: 1 Exploring Hadoop Distributed File System An IBM Proof of Technology Catalog Number Copyright IBM Corporation, 2013 US Government
More informationContents. 1. Infrastructure
1. Infrastructure 2. Configuration Contents a. Join the Web Server to the Domain Controller b. Install PHP, mysql, apache c. Install and configure wordpress and virtual host d. Install and configure moodle
More informationOnline shopping store
Online shopping store 1. Research projects: A physical shop can only serves the people locally. An online shopping store can resolve the geometrical boundary faced by the physical shop. It has other advantages,
More informationBuild it with Drupal 8
Build it with Drupal 8 Comprehensive guide for building common websites in Drupal 8. No programming knowledge required! Antonio Torres This book is for sale at http://leanpub.com/drupal-8-book This version
More informationUsing SQL Server Management Studio
Using SQL Server Management Studio Microsoft SQL Server Management Studio 2005 is a graphical tool for database designer or programmer. With SQL Server Management Studio 2005 you can: Create databases
More informationDatabase Security. Principle of Least Privilege. DBMS Security. IT420: Database Management and Organization. Database Security.
Database Security Rights Enforced IT420: Database Management and Organization Database Security Textbook: Ch 9, pg 309-314 PHP and MySQL: Ch 9, pg 217-227 Database security - only authorized users can
More informationAll the materials and/or graphics included in the IceThemetheme folders MUST be used ONLY with It TheCityTheme from IceTheme.com.
Terms of Use: All the materials and/or graphics included in the IceThemetheme folders MUST be used ONLY with It TheCityTheme from IceTheme.com. Table of Contents 1- Introduction 3 2- Installing the theme
More informationRaspberry Pi Webserver
62 Int'l Conf. Embedded Systems and Applications ESA'15 Raspberry Pi Webserver Max Runia 1, Kanwalinderjit Gagneja 1 1 Department of Computer Science, Southern Oregon University, Ashland, OR, USA Abstract
More informationInstalling buzztouch Self Hosted
Installing buzztouch Self Hosted This step-by-step document assumes you have downloaded the buzztouch self hosted software and operate your own website powered by Linux, Apache, MySQL and PHP (LAMP Stack).
More informationA basic create statement for a simple student table would look like the following.
Creating Tables A basic create statement for a simple student table would look like the following. create table Student (SID varchar(10), FirstName varchar(30), LastName varchar(30), EmailAddress varchar(30));
More informationAn Introduction to Developing ez Publish Extensions
An Introduction to Developing ez Publish Extensions Felix Woldt Monday 21 January 2008 12:05:00 am Most Content Management System requirements can be fulfilled by ez Publish without any custom PHP coding.
More informationSECURING APACHE : THE BASICS - III
SECURING APACHE : THE BASICS - III Securing your applications learn how break-ins occur Shown in Figure 2 is a typical client-server Web architecture, which also indicates various attack vectors, or ways
More informationHow to Install Multicraft on a VPS or Dedicated Server (Ubuntu 13.04 64 bit)
How to Install Multicraft on a VPS or Dedicated Server (Ubuntu 13.04 64 bit) Introduction Prerequisites This tutorial will show you step-by-step on how to install Multicraft 1.8.2 on a new VPS or dedicated
More informationTesting Web Applications for SQL Injection Sam Shober SamShober@Hotmail.com
Testing Web Applications for SQL Injection Sam Shober SamShober@Hotmail.com Abstract: This paper discusses the SQL injection vulnerability, its impact on web applications, methods for pre-deployment and
More informationServer-side scripting with PHP4
Server-side scripting with PHP4 Michael Schacht Hansen (msh@hi.au.dk) Lars Riisgaard Ribe (lars.ribe@iekf.au.dk) Section for Health Informatics Faculty of Health Sciences University of Aarhus Denmark June
More informationSQL Server Instance-Level Benchmarks with DVDStore
SQL Server Instance-Level Benchmarks with DVDStore Dell developed a synthetic benchmark tool back that can run benchmark tests against SQL Server, Oracle, MySQL, and PostgreSQL installations. It is open-sourced
More informationUsing Internet or Windows Explorer to Upload Your Site
Using Internet or Windows Explorer to Upload Your Site This article briefly describes what an FTP client is and how to use Internet Explorer or Windows Explorer to upload your Web site to your hosting
More informationServer side scripting and databases
Three components used in typical web application Server side scripting and databases How Web Applications interact with server side databases Browser Web server Database server Web server Web server Apache
More informationHOW TO BUILD A VMWARE APPLIANCE: A CASE STUDY
HOW TO BUILD A VMWARE APPLIANCE: A CASE STUDY INTRODUCTION Virtual machines are becoming more prevalent. A virtual machine is just a container that describes various resources such as memory, disk space,
More informationOther Language Types CMSC 330: Organization of Programming Languages
Other Language Types CMSC 330: Organization of Programming Languages Markup and Query Languages Markup languages Set of annotations to text Query languages Make queries to databases & information systems
More informationForms Printer User Guide
Forms Printer User Guide Version 10.51 for Dynamics GP 10 Forms Printer Build Version: 10.51.102 System Requirements Microsoft Dynamics GP 10 SP2 or greater Microsoft SQL Server 2005 or Higher Reporting
More informationInstall MS SQL Server 2012 Express Edition
Install MS SQL Server 2012 Express Edition Sohodox now works with SQL Server Express Edition. Earlier versions of Sohodox created and used a MS Access based database for storing indexing data and other
More informationUpgrading MySQL from 32-bit to 64-bit
Upgrading MySQL from 32-bit to 64-bit UPGRADING MYSQL FROM 32-BIT TO 64-BIT... 1 Overview... 1 Upgrading MySQL from 32-bit to 64-bit... 1 Document Revision History... 21 Overview This document will walk
More informationMySQL Quick Start Guide
Fasthosts Customer Support MySQL Quick Start Guide This guide will help you: Add a MySQL database to your account. Find your database. Add additional users. Use the MySQL command-line tools through ssh.
More informationShort notes on webpage programming languages
Short notes on webpage programming languages What is HTML? HTML is a language for describing web pages. HTML stands for Hyper Text Markup Language HTML is a markup language A markup language is a set of
More informationwebapp.secure Installation and Setup Guide
webapp.secure Installation and Setup Guide webscurity Inc. 9298 Central Ave NE Suite 402 Minneapolis MN 55434 USA 866.SCURITY Toll Free (US) 763.786.2009 Twin Cities Metro/International 763.786.3680 Fax
More informationSQL Injection. The ability to inject SQL commands into the database engine through an existing application
SQL Injection The ability to inject SQL commands into the database engine through an existing application 1 What is SQL? SQL stands for Structured Query Language Allows us to access a database ANSI and
More informationPreparing a SQL Server for EmpowerID installation
Preparing a SQL Server for EmpowerID installation By: Jamis Eichenauer Last Updated: October 7, 2014 Contents Hardware preparation... 3 Software preparation... 3 SQL Server preparation... 4 Full-Text Search
More informationPHP ON A FAST TRACK INTRODUCTION: ROADMAP BY JAROSLAW FRANCIK. Companion web site: http:// php.francik.name
PHP ON A FAST TRACK BY JAROSLAW FRANCIK Companion web site: http:// php.francik.name Writing web based, database connected applications in PHP is not difficult, however many people get stuck on just the
More informationInstallation of PHP, MariaDB, and Apache
Installation of PHP, MariaDB, and Apache A few years ago, one would have had to walk over to the closest pizza store to order a pizza, go over to the bank to transfer money from one account to another
More informationSQL Injection Attack Lab
CMSC 426/626 Labs 1 SQL Injection Attack Lab CMSC 426/626 Based on SQL Injection Attack Lab Using Collabtive Adapted and published by Christopher Marron, UMBC Copyright c 2014 Christopher Marron, University
More information3 Setting up Databases on a Microsoft SQL 7.0 Server
3 Setting up Databases on a Microsoft SQL 7.0 Server Overview of the Installation Process To set up GoldMine properly, you must follow a sequence of steps to install GoldMine s program files, and the other
More informationSQL EXPRESS INSTALLATION...
Contents SQL EXPRESS INSTALLATION... 1 INSTALLING SQL 2012 EXPRESS... 1 SQL EXPRESS CONFIGURATION... 7 BILLQUICK DATABASE... 9 SQL Express Installation The Microsoft SQL Server 2012 Express software is
More informationAdvanced PostgreSQL SQL Injection and Filter Bypass Techniques
Advanced PostgreSQL SQL Injection and Filter Bypass Techniques INFIGO-TD TD-200 2009-04 2009-06 06-17 Leon Juranić leon.juranic@infigo.hr INFIGO IS. All rights reserved. This document contains information
More informationG563 Quantitative Paleontology. SQL databases. An introduction. Department of Geological Sciences Indiana University. (c) 2012, P.
SQL databases An introduction AMP: Apache, mysql, PHP This installations installs the Apache webserver, the PHP scripting language, and the mysql database on your computer: Apache: runs in the background
More informationSIMIAN systems. Setting up a Sitellite development environment on Windows. Sitellite Content Management System
Setting up a Sitellite development environment on Windows Sitellite Content Management System Introduction For live deployment, it is strongly recommended that Sitellite be installed on a Unix-based operating
More informationLesson 07: MS ACCESS - Handout. Introduction to database (30 mins)
Lesson 07: MS ACCESS - Handout Handout Introduction to database (30 mins) Microsoft Access is a database application. A database is a collection of related information put together in database objects.
More informationCC ICT-SUD. Setting up and integrate Apache, MySQL and PHP on a Linux system
LAMP CC ICT-SUD Setting up and integrate Apache, MySQL and PHP on a Linux system Installation Simple Alternative (for development/testing only): Xampp I will assume MySQL is already installed and configured
More informationD61830GC30. MySQL for Developers. Summary. Introduction. Prerequisites. At Course completion After completing this course, students will be able to:
D61830GC30 for Developers Summary Duration Vendor Audience 5 Days Oracle Database Administrators, Developers, Web Administrators Level Technology Professional Oracle 5.6 Delivery Method Instructor-led
More informationHow to Install and use Windows XP Mode and Windows Virtual PC in Windows 7 for older 32 bit only Applications
How to Install and use Windows XP Mode and Windows Virtual PC in Windows 7 for older 32 bit only Applications Important Applies to Windows 7 Professional, Ultimate, Enterprise As of April 8, 2014, technical
More informationMOODLE Installation on Windows Platform
Windows Installation using XAMPP XAMPP is a fully functional web server package. It is built to test web based programs on a personal computer. It is not meant for online access via the web on a production
More informationJet Data Manager 2012 User Guide
Jet Data Manager 2012 User Guide Welcome This documentation provides descriptions of the concepts and features of the Jet Data Manager and how to use with them. With the Jet Data Manager you can transform
More informationResponse Time Analysis of Web Templates
Response Time Analysis of Web Templates Prerequisites To generate trace files that are required for the detailed performance analysis you need to download and unpack the file IEMon.zip. This file can be
More informationMySQL Quick Start Guide
Quick Start Guide MySQL Quick Start Guide SQL databases provide many benefits to the web designer, allowing you to dynamically update your web pages, collect and maintain customer data and allowing customers
More informationCreate a New Database in Access 2010
Create a New Database in Access 2010 Table of Contents OVERVIEW... 1 CREATING A DATABASE... 1 ADDING TO A DATABASE... 2 CREATE A DATABASE BY USING A TEMPLATE... 2 CREATE A DATABASE WITHOUT USING A TEMPLATE...
More informationInstalling Moodle for Windows with Easy PHP Illustrated Install Guide By Floyd Collins
Installing Moodle for Windows with Easy PHP Illustrated Install Guide By Floyd Collins This guide will take you step by step through the install process of Moodle for Windows. I highly recommend that you
More informationBubble Code Review for Magento
User Guide Author: Version: Website: Support: Johann Reinke 1.1 https://www.bubbleshop.net bubbleshop.net@gmail.com Table of Contents 1 Introducing Bubble Code Review... 3 1.1 Features... 3 1.2 Compatibility...
More informationVersion of this tutorial: 1.06a (this tutorial will going to evolve with versions of NWNX4)
Version of this tutorial: 1.06a (this tutorial will going to evolve with versions of NWNX4) The purpose of this document is to help a beginner to install all the elements necessary to use NWNX4. Throughout
More informationSQL injection: Not only AND 1=1. The OWASP Foundation. Bernardo Damele A. G. Penetration Tester Portcullis Computer Security Ltd
SQL injection: Not only AND 1=1 Bernardo Damele A. G. Penetration Tester Portcullis Computer Security Ltd bernardo.damele@gmail.com +44 7788962949 Copyright Bernardo Damele Assumpcao Guimaraes Permission
More informationDatabase Administration with MySQL
Database Administration with MySQL Suitable For: Database administrators and system administrators who need to manage MySQL based services. Prerequisites: Practical knowledge of SQL Some knowledge of relational
More informationTransferring Your Hosting Account
Transferring Your Hosting Account Setting up your Web site on our secure hosting servers So you want to host your Web site on our secure servers, but you want to avoid costly mistakes and excessive site
More informationInstalling an open source version of MateCat
Installing an open source version of MateCat This guide is meant for users who want to install and administer the open source version on their own machines. Overview 1 Hardware requirements 2 Getting started
More informationBeginning with SubclipseSVN
Version 2 July 2007 Beginning with SubclipseSVN A user guide to begin using the Subclipse for source code management on the CropForge collaborative software development site. Copyright International Rice
More informationProduct: DQ Order Manager Release Notes
Product: DQ Order Manager Release Notes Subject: DQ Order Manager v7.1.25 Version: 1.0 March 27, 2015 Distribution: ODT Customers DQ OrderManager v7.1.25 Added option to Move Orders job step Update order
More informationCCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology.
CCM 4350 Week 11 Security Architecture and Engineering Guest Lecturer: Mr Louis Slabbert School of Science and Technology CCM4350_CNSec 1 Web Server Security The Web is the most visible part of the net
More informationSVNManager Installation. Documentation. Department of Public Health Erasmus MC University Medical Center
SVNManager Installation Documentation M. Verkerk Department of Public Health Erasmus MC University Medical Center Page 2 July 2005 Preface Version control in the context of this document is all about keeping
More informationBenchmarking and monitoring tools
Benchmarking and monitoring tools Presented by, MySQL & O Reilly Media, Inc. Section one: Benchmarking Benchmarking tools and the like! mysqlslap! sql-bench! supersmack! Apache Bench (combined with some
More informationConfiguring an Alternative Database for SAS Web Infrastructure Platform Services
Configuration Guide Configuring an Alternative Database for SAS Web Infrastructure Platform Services By default, SAS Web Infrastructure Platform Services is configured to use SAS Framework Data Server.
More information