You can download the SQL injection demo code from Blackboard, unzip it into a folder under your home folder, and run gradle build in the terminal to prepare the system. You will then need to copy the resulting Web archive (.war) file into your Tomcat folder (from the earlier lab work on HTTP).

We will step you through the process of crafting some "nasty" strings to enter into the system to conduct SQL injection attacks on the back-end database.