Grading of Exercise 7

0 votes

In Exercise 7, Question 10 (2b) Exfiltration (2)) and also in Question 11 (2c) Exfiltration (3)):

- Please can you tell me why the query SELECT * FROM users WHERE password='123'  is considered wrong?

- In Q10, the attacker can see the number of rows. In case there are no user in the database that have the the password '123', then the number of returned rows is 0 and the attacker can know in this case that the password of the admin is not equal to '123'

- The same logic applies for Q11, since the attacker is able to see whether any rows is returned at all.

Please let me know if I am missing something

in ex07 by
edit history

1 Answer

0 votes

There is the following restriction in the exercise:

An attack is only considered sucessful if the other users present in the application do not affect whether information about attacker is revealed.

Therefore, to be considered successful, the attack would also need to work when there are other users that have the password "123".

by (860 points)
edit history