Polished and fixed assignment 10 (A) of sql injections

Benedikt - Desktop 2018-11-06 18:06:56 +01:00 committed by Nanne Baars
parent 1bcddaf710
commit 002ce6e8a6


@ -35,13 +35,13 @@ public class SqlInjectionLesson10 extends AssignmentEndpoint {
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query); ResultSet results = statement.executeQuery(query);
if (results.getStatement() != null && results.first()) { if (results.getStatement() != null) {
results.first();
output.append(SqlInjectionLesson8.generateTable(results)); output.append(SqlInjectionLesson8.generateTable(results));
results.last();
return trackProgress(failed().feedback("sql-injection.10.entries").output(output.toString()).build()); return trackProgress(failed().feedback("sql-injection.10.entries").output(output.toString()).build());
} else { } else {
if (tableExists(connection)) { if (tableExists(connection)) {
return trackProgress(failed().output(output.toString()).build()); return trackProgress(failed().feedback("sql-injection.10.entries").output(output.toString()).build());
} }
else { else {
return trackProgress(success().feedback("sql-injection.10.success").build()); return trackProgress(success().feedback("sql-injection.10.success").build());
@ -49,7 +49,7 @@ public class SqlInjectionLesson10 extends AssignmentEndpoint {
} }
} catch (SQLException e) { } catch (SQLException e) {
if (tableExists(connection)) { if (tableExists(connection)) {
return trackProgress(failed().output("<span class='feedback-negative'>" + e.getMessage() + "</span><br>" + output.toString()).build()); return trackProgress(failed().feedback("sql-injection.error").output("<span class='feedback-negative'>" + e.getMessage() + "</span><br>" + output.toString()).build());
} }
else { else {
return trackProgress(success().feedback("sql-injection.10.success").build()); return trackProgress(success().feedback("sql-injection.10.success").build());
@ -61,15 +61,21 @@ public class SqlInjectionLesson10 extends AssignmentEndpoint {
} }
} }
private boolean tableExists(Connection connection) throws SQLException { private boolean tableExists(Connection connection) {
ResultSet res = connection.getMetaData().getTables(null, null, "access_log", null); try {
while (res.next()) { Statement stmt = connection.createStatement();
String table_name = res.getString("TABLE_NAME"); ResultSet results = stmt.executeQuery("SELECT * FROM access_log");
if (table_name != null && table_name.equals("access_log")) { int cols = results.getMetaData().getColumnCount();
return true; return (cols > 0);
} } catch (SQLException e) {
} String error_msg = e.getMessage();
if (error_msg.contains("object not found: ACCESS_LOG")) {
return false; return false;
} else {
System.err.println(e.getMessage());
return false;
}
}
} }
} }
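Review bot: The rewritten `tableExists` returns `false` from both branches of its `catch`, so any `SQLException`, not only the missing-table case, is reported as "table gone", and both call sites then return `success()`. An unexpected failure should leave the assignment unsolved, for example by returning `true` after logging, and the `contains("object not found: ACCESS_LOG")` test needs a null guard because it depends on the driver's message text. The `Statement` and `ResultSet` are also never closed, which try-with-resources would fix. Separately, the `catch` in the second hunk still concatenates `e.getMessage()` into the HTML output unescaped; that message may echo parts of the submitted query, so it is worth encoding before it is written out.

```java
private boolean tableExists(Connection connection) {
    try (Statement stmt = connection.createStatement();
         ResultSet results = stmt.executeQuery("SELECT * FROM access_log")) {
        return results.getMetaData().getColumnCount() > 0;
    } catch (SQLException e) {
        String error_msg = e.getMessage();
        if (error_msg != null && error_msg.contains("object not found: ACCESS_LOG")) {
            return false;
        }
        // Unexpected failure: do not report the table as dropped, or the lesson is marked solved.
        System.err.println(error_msg);
        return true;
    }
}
```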