SQL Injection
This exercise consists of the three tasks described below. You don't need OWASP ZAP or any other
intercepting proxy to complete them.
Valid customers are: Arthur Dent, Ford Prefect, Tricia Trillian McMillan, Zaphod
Beeblebrox, Marvin, Slartibartfast.
Simple JDBC Statements
Your first task is to attack the database that is queried with simple JDBC statements. Can you successfully attack the database?
Escaped JDBC Statements
Your second task is to attack the database that is queried with escaped JDBC statements. Can you successfully attack the database with the query working before?
Prepared Statements
Your third task is to attack the database that is queried with prepared statements. Can you successfully attack the database with the query working before?