Soumettre la recherche
Mettre en ligne
Relational Databases - Lecture 5 - SQL injection
•
0 j'aime
•
148 vues
Karina Sokolova
Suivre
SQL injection attack example
Lire moins
Lire la suite
Technologie
Signaler
Partager
Signaler
Partager
1 sur 10
Recommandé
Relational Databases - Lecture 4 - SQL language
Relational Databases - Lecture 4 - SQL language
Karina Sokolova
Relational Databases - Lecture 2 - Entity-relationship diagram
Relational Databases - Lecture 2 - Entity-relationship diagram
Karina Sokolova
Relational Databases - Lecture 1 - Introduction
Relational Databases - Lecture 1 - Introduction
Karina Sokolova
Facebook Advertising
Facebook Advertising
Xerox
Twitter Advertisement
Twitter Advertisement
Xerox
Online Advertising Landscape
Online Advertising Landscape
Xerox
Importance Of Good Friend
Importance Of Good Friend
NextFlights
Mockup background
Mockup background
Saravanakumar Devaraj
Recommandé
Relational Databases - Lecture 4 - SQL language
Relational Databases - Lecture 4 - SQL language
Karina Sokolova
Relational Databases - Lecture 2 - Entity-relationship diagram
Relational Databases - Lecture 2 - Entity-relationship diagram
Karina Sokolova
Relational Databases - Lecture 1 - Introduction
Relational Databases - Lecture 1 - Introduction
Karina Sokolova
Facebook Advertising
Facebook Advertising
Xerox
Twitter Advertisement
Twitter Advertisement
Xerox
Online Advertising Landscape
Online Advertising Landscape
Xerox
Importance Of Good Friend
Importance Of Good Friend
NextFlights
Mockup background
Mockup background
Saravanakumar Devaraj
Allah The Most Merciful
Allah The Most Merciful
SaudiToursUK
Glenn Flekke Digital Portfolio
Glenn Flekke Digital Portfolio
gflekke
1
1
AnjaniKumar203
Business Card
Business Card
WebForYou Creative Agency
University of manchester degree UoM diploma
University of manchester degree UoM diploma
DiplomaTranscript
Universityof wiscons inlacrosse diploma
Universityof wiscons inlacrosse diploma
DiplomaTranscript
Color Clash
Color Clash
Lindsay Walsh
Newnew
Newnew
admin15kkr
Big Data
Big Data
Xerox
Tamil double letter words
Tamil double letter words
Peahen Sharmi
X1
X1
Maxim Petrov
CL - Fortaleza digital, Dan Brown
CL - Fortaleza digital, Dan Brown
Luís
Design is as good (or flawed) as the people who make it
Design is as good (or flawed) as the people who make it
Kayla J Heffernan
Aku
Aku
Juli September
Introduction To Uae & Mena Trading Strategies By Peter Barr
Introduction To Uae & Mena Trading Strategies By Peter Barr
petebarr
TARJETA MADRE
TARJETA MADRE
MiguelngelGozaineArr
Let´s Fight for Human Unintelligence
Let´s Fight for Human Unintelligence
Robin-Boris Kasper
Intro to Biodesign: Working with Living Things
Intro to Biodesign: Working with Living Things
Leticia Oxley
How to build a great coding culture
How to build a great coding culture
Mark Halvorson
In-silico study of ToxCast GPCR assays by quantitative structure-activity rel...
In-silico study of ToxCast GPCR assays by quantitative structure-activity rel...
Kamel Mansouri
Ke hoach thi cong thang 9
Ke hoach thi cong thang 9
Bước Bên Aj
Salesforce Training Institute In Pune Syllabus
Salesforce Training Institute In Pune Syllabus
victoriousdigital
Contenu connexe
Tendances
Allah The Most Merciful
Allah The Most Merciful
SaudiToursUK
Glenn Flekke Digital Portfolio
Glenn Flekke Digital Portfolio
gflekke
1
1
AnjaniKumar203
Business Card
Business Card
WebForYou Creative Agency
University of manchester degree UoM diploma
University of manchester degree UoM diploma
DiplomaTranscript
Universityof wiscons inlacrosse diploma
Universityof wiscons inlacrosse diploma
DiplomaTranscript
Color Clash
Color Clash
Lindsay Walsh
Newnew
Newnew
admin15kkr
Big Data
Big Data
Xerox
Tamil double letter words
Tamil double letter words
Peahen Sharmi
Tendances
(10)
Allah The Most Merciful
Allah The Most Merciful
Glenn Flekke Digital Portfolio
Glenn Flekke Digital Portfolio
1
1
Business Card
Business Card
University of manchester degree UoM diploma
University of manchester degree UoM diploma
Universityof wiscons inlacrosse diploma
Universityof wiscons inlacrosse diploma
Color Clash
Color Clash
Newnew
Newnew
Big Data
Big Data
Tamil double letter words
Tamil double letter words
Similaire à Relational Databases - Lecture 5 - SQL injection
X1
X1
Maxim Petrov
CL - Fortaleza digital, Dan Brown
CL - Fortaleza digital, Dan Brown
Luís
Design is as good (or flawed) as the people who make it
Design is as good (or flawed) as the people who make it
Kayla J Heffernan
Aku
Aku
Juli September
Introduction To Uae & Mena Trading Strategies By Peter Barr
Introduction To Uae & Mena Trading Strategies By Peter Barr
petebarr
TARJETA MADRE
TARJETA MADRE
MiguelngelGozaineArr
Let´s Fight for Human Unintelligence
Let´s Fight for Human Unintelligence
Robin-Boris Kasper
Intro to Biodesign: Working with Living Things
Intro to Biodesign: Working with Living Things
Leticia Oxley
How to build a great coding culture
How to build a great coding culture
Mark Halvorson
In-silico study of ToxCast GPCR assays by quantitative structure-activity rel...
In-silico study of ToxCast GPCR assays by quantitative structure-activity rel...
Kamel Mansouri
Ke hoach thi cong thang 9
Ke hoach thi cong thang 9
Bước Bên Aj
Salesforce Training Institute In Pune Syllabus
Salesforce Training Institute In Pune Syllabus
victoriousdigital
Image pacman
Image pacman
Francois Durant
annual-report-2016
annual-report-2016
Paul Adler
Digital Product Design
Digital Product Design
Andy Budd
el pensamiento de
el pensamiento de
Javi Maycol
Bega Cheese - A $1 billion company?
Bega Cheese - A $1 billion company?
VCE Accounting - Michael Allison
SI-ESF-M-BIPV-CT-ROOFS
SI-ESF-M-BIPV-CT-ROOFS
Solar Innova
SI-ESF-M-BIPV-CT-SKYLIGHTS
SI-ESF-M-BIPV-CT-SKYLIGHTS
Solar Innova
SI-ESF-M-BIPV-CT-CURTAIN WALLS
SI-ESF-M-BIPV-CT-CURTAIN WALLS
Solar Innova
Similaire à Relational Databases - Lecture 5 - SQL injection
(20)
X1
X1
CL - Fortaleza digital, Dan Brown
CL - Fortaleza digital, Dan Brown
Design is as good (or flawed) as the people who make it
Design is as good (or flawed) as the people who make it
Aku
Aku
Introduction To Uae & Mena Trading Strategies By Peter Barr
Introduction To Uae & Mena Trading Strategies By Peter Barr
TARJETA MADRE
TARJETA MADRE
Let´s Fight for Human Unintelligence
Let´s Fight for Human Unintelligence
Intro to Biodesign: Working with Living Things
Intro to Biodesign: Working with Living Things
How to build a great coding culture
How to build a great coding culture
In-silico study of ToxCast GPCR assays by quantitative structure-activity rel...
In-silico study of ToxCast GPCR assays by quantitative structure-activity rel...
Ke hoach thi cong thang 9
Ke hoach thi cong thang 9
Salesforce Training Institute In Pune Syllabus
Salesforce Training Institute In Pune Syllabus
Image pacman
Image pacman
annual-report-2016
annual-report-2016
Digital Product Design
Digital Product Design
el pensamiento de
el pensamiento de
Bega Cheese - A $1 billion company?
Bega Cheese - A $1 billion company?
SI-ESF-M-BIPV-CT-ROOFS
SI-ESF-M-BIPV-CT-ROOFS
SI-ESF-M-BIPV-CT-SKYLIGHTS
SI-ESF-M-BIPV-CT-SKYLIGHTS
SI-ESF-M-BIPV-CT-CURTAIN WALLS
SI-ESF-M-BIPV-CT-CURTAIN WALLS
Dernier
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
debabhi2
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
The Digital Insurer
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
Maria Levchenko
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
lior mazor
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
Dernier
(20)
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Relational Databases - Lecture 5 - SQL injection
1.
1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 0 1 1 0 0 1 0 1 0 1 1 0 1 1 0 0 1 0 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 1 0 0 1 0 1 1 0 1 ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✑ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ ✑ ✐ ✐ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✑ ✑ ✑ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 0 1 0 0 1 ✑ 1 0 0 1 0 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 0 1 1 1 0 1 1 0 0 1 0 1 0 0 1 0 1 1 1 1 0 1 1 0 0 1 0 1 1 1 1 1 1 0 0 0 1 0 1 0 0 1 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 0 0 1 0 1 1 1 1 1 ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✑ SQL injection
2.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 SQL injection • Injection
of an SQL query via an input from the client application • Vulnerability comes from the dynamic SQL request construction
3.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 Cyber Attacks Statistics
4.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 Typical example String loginQuery
= “SELECT * FROM useraccounts WHERE userID = ‘“ + request.getParameter(“userID”) + “‘ AND password = ‘“ + request.getParameter(“password") + “‘“; userID = ' or 1=1 -- password = doesNotMatter SELECT * FROM useraccounts WHERE userID = '' or 1=1 -- AND password='doesNotMatter'
5.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 Threat • Execute SQL
queries • Select, Insert, Delete • Explore error messages • Column 'users.username' is invalid • Identity theft • Data leakage
6.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 Threat
7.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 Threat: camera
8.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 Threat: Swedish elections
9.
1 0 1 0 0 1 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 1 1 1 0 0 1 0 1 0 0 1 1 0 0 1 1 1 0 0 0 1 0 1 1 ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 0 0 1 ✑ ✑ 1 ✑ ✑ 1 0 1 Android example Curson curson
= db.rawQuery(“select * from login where USERNAME = ‘“ + param1 + “‘ and PASSWORD = ‘“ +param2 + “‘;”, null); Curson curson = db.rawQuery(“select * from login where USERNAME = ? and PASSWORD = ?;”, new String[]{param1, param2}); • Bad • Good
10.
1 0 0 1 0 1 0 0 1 0 1 0 1 0 0 1 0 0 1 1 0 0 1 0 1 0 1 1 0 1 1 0 0 1 0 0 1 0 1 0 0 1 0 1 0 0 1 0 0 1 0 1 0 0 1 0 1 ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✑ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ ✑ ✐ ✐ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✑ ✑ ✐ ✑ ✐ ✑ ✐ ✐ ✑ ✐ ✐ ✑ ✐ ✑ ✑ 0 1 0 0 1 ✑ 0 0 1 0 0 1 0 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 0 1 1 1 0 1 1 0 0 1 0 1 0 0 1 0 1 1 1 1 0 1 1 0 0 1 0 1 1 1 1 1 1 0 0 0 1 0 1 0 0 1 1 1 1 0 0 1 0 1 0 0 1 0 1 0 0 1 1 0 1 0 1 0 0 1 0 1 1 1 1 1 ✑ ✐ ✐ ✑ ✑ Practical attack