viii
TABLE OF CONTENT
CHAPTER
1
TITLE
PAGE
DECLARATION
ii
DEDICATION
iv
ACKNOWLEDGEMENT
v
ABSTRACT
vi
ABSTRAK
vii
TABLE OF CONTENTS
viii
LIST OF TABLES
xii
LIST OF FIGURES
xiii
INTRODUCTION
1.1
Introduction
1
1.2
Background of study
2
1.3
Rational of the study
4
1.4
Statement of problem
5
1.5
Objective of the study
6
1.6
Significance of the study
6
1.7
Scope of the study
7
1.8
Report Outline
7
ix
2
LITERATURE REVIEW
2.1
Introduction
8
2.2
Database Management System (DBMS)
9
2.2.1
Definition
9
2.2.2
History
10
2.2.3
Components
11
2.2.4
Modelling Language
13
2.2.4.1
Definition
13
2.2.4.2
Types of Database Structure
13
2.2.4.3
Database Query Language
20
2.2.4.4
Transaction Mechanism
22
2.3
2.4
2.5
Structured Query Language (SQL)
22
2.3.1
Definition
22
2.3.2
History
24
2.3.3
Language Elements
25
2.3.4
Queries
28
2.3.5
Ways to Use SQL
30
2.3.6
SQL Versions
31
SQL Injection
33
2.4.1
Definition
33
2.4.2
SQL Injection Types
35
Boolean Algebra
36
2.5.1
Definition
36
2.5.2
History
37
2.5.3
Three Valued Logic
39
2.5.4
Boolean Operator
41
x
3
2.5.4.1
Definition
41
2.5.4.2
2.5.4.3
Types of Operator
Applications of Boolean Operator
In Boolean Search
42
RESEARCH METHODOLOGY
3.1
Introduction
48
3.2
Operational Framework
50
3.3
Studies on Database Management System (DBMS)
51
3.4
Studies on Structured Query Language (SQL)
51
3.5
Studies on SQL Injection
52
3.6
Studies on Boolean Algebra
52
3.7
Types of SQL Injection
53
3.7.1
53
Bypassing Logins
3.8
Vulnerable Websites
55
3.9
Testing Rule
57
3.10 Observing and Analyzing Result
4
42
58
EXPECTED RESULT
4.1
Introduction
59
4.2
An Example of Table in Database
60
4.3
Log-in Testing
61
4.3.1
By Using True Log-in Information
61
4.3.2
By Using False Log-in Information
63
4.4
General SQL Query
63
4.5
SQL Injection Query
67
4.6
Bypass Strings Testing on Mutillidae Website
69
xi
4.6.1
4.7
4.8
82
Bypass Strings Test on UTM Websites
4.8.1 Summarize of Bypass Strings Test on UTM
Websites
88
Summarize of Combination Bypass Strings
Test on UTM Websites
Results
4.10 SQL Bypassing Login Testing in Other Website
5
81
Combination of Bypass Strings
4.7.1 Summarize of Combination of Bypass
Strings
4.8.2
4.9
Summarize of Bypass Strings Testing on
Mutillidae Website
85
90
91
94
96
RESULT AND RECOMMENDATION
5.1
Conclusion
99
5.2
Recommendation
101
REFERENCES
103
xii
LIST OF TABLES
TABLE NO.
TITLE
PAGE
2.1
SQL language elements
26
2.2
The AND truth table
40
2.3
The OR truth table
40
2.4
The NOT truth table
40
2.5
The application of each of the operator
42
2.6
The example of Truncation
47
4.1
An example of table in a database of Mutillidae website
60
4.2
Summarize of Bypass Strings Testing on Mutillidae Website
81
4.3
Summarize of Combination of Bypass Strings
85
4.4
Summarize of Bypass Strings Test on UTM Websites
90
4.5
Summarize of Combination Bypass Strings Test on UTM
Websites
92
xiii
LIST OF FIGURES
FIGURE NO.
TITLE
PAGE
2.1
The Hierarchical Structure
14
2.2
The Network Structure
16
2.3
The Relational Structure
18
2.4
Statistics OR Algebra
43
2.5
Statistics AND Algebra
44
2.6
Statistics NOT Algebra
45
3.1
Operational framework
50
3.2
Front page of the Mutillidae site
55
3.3
The result after inserting the „ symbol in the username field
56
3.4
The result after inserting „or‟ 1‟=‟1 in the password field
57
4.1
Executed true login information into input box
62
4.2
Logon the Mutillidae website as admin user
62
4.3
Executed false login information into input box
63
4.4
Did not manage to login the Mutillidae website
64
4.5
Input box of username and password of Mutillidae website
68
4.6
Three example of login input box in Faculty of Education
88
4.7
Input box for students
89
4.8
Input box for lecturers
89
4.9
Input box for admin
89
4.10
Page that shows the vulnerability of the FSKSM website
95
xiv
4.11
The logon page of Beneficial Bank website
96
4.12
Logon the Beneficial Bank website
97
4.13
The logon page of Altoro Mutual Banking website
97
4.14
The Altoro Mutual Banking Website shows an error message
98