In this lab, you performed a series of SQL injection attacks against an existing vulnerable database to see
what damage can be done as a result of a failure to follow the principle of least privilege. You then
modified the database so that the application followed the principle of least privilege and made the
(minor) changes to the Web application that are required for this change. Finally, you repeated the attacks
to verify that the damage that you can cause is far more limited.
Lab Assessment Questions & Answers
1. Why did the SQL attacks used in this lab always end in
did you need to install the Web Developer Firefox add
error message occurs when a table is missing from the database?
is the exact SQL query used when searching for Alan Ashby?
command to the DBMS gives the bbro account the access it