1. You used the Firefox Web Developer add-on to remove the length limits of the HTML text field to allow longer attack strings. There are several other ways you could have achieved this goal. List three, explaining how you would use it. Your answer should eliminate any question of whether the client must do what the server asks. The client is free to do whatever it wants with whatever the server sends.
2. We used a semicolon (;) to separate our SQL statements. Some databases support this option. In some, whether to allow it is a configuration option, and some never allow more than one statement. Suppose the victim database would not allow the use of a semicolon to separate the statements. Assume the database contained a table named team with the following columns: teamname, year, wins, losses, atbat, runs, hits, singles, doubles, triples, homeruns, errors. (There could be many more columns, but these are more than sufficient for this question.) Give an example of a SQL query that would combine the data from the team table with the query that is executing in the Web application. Then, give the SQL injection string you would use to execute it in the Web application. It is OK to assume the application state is before you implemented least privilege.
This material may consist of step-by-step explanations on how to solve a problem or examples of proper writing, including the use of citations, references, bibliographies, and formatting. This material is made available for the sole purpose of studying and learning - misuse is strictly forbidden.
The first possibility to change the maximum allowed length for HTML text field is to use the following statement:
document.getElementById("myTextarea").maxLength = "value" , where “value” has the desired value.
Another simple way to bypass the maxLength limitations is to disable Java Script....
This is only a preview of the solution. Please use the purchase button to see the entire solution