Compromising Integrity with Query chaining

After compromising the confidentiality of data in the previous lesson, this time we are gonna compromise the integrity of data by using SQL query chaining.

The integrity of any data can be compromised, if an attacker per example changes information that he should not even be able to access.

What is SQL query chaining?

Query chaining is exactly what it sounds like. When query chaining, you try to append one or more queries to the end of the actual query. You can do this by using the ; metacharacter which marks the end of a query and that way allows to start another one right after it within the same line.

It is your turn!

You just found out that Tobi and Bob both seem to earn more money than you! Of course you cannot leave it at that. Better go and change your own salary so you are earning the most!

Remember: Your name is John Smith and your current TAN is 3SL99A.

Solution

💡 Try to find a way, to chain another query to the end of the existing one. 💡 Use the ; metacharacter to do so. 💡 Make use of DML to change your salary. 💡 Make sure that the resulting query is syntactically correct. 💡 How about something like '; UPDATE employees....

• Employee Name: A

• Authentication TAN: '; UPDATE employees SET salary=99999 WHERE first_name='John