diff --git a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties index 652989ea9..50c5d725a 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties +++ b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties @@ -2,7 +2,7 @@ StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query. Restart the lesson if you wish to return to the injectable query. EnterLastName=Enter your last name: -sql.injection.title=SQL Injection +sql.injection.title=SQL Injection (introduction) sql.mitigation.title=SQL Injection (mitigation) sql.advanced.title=SQL Injection (advanced) diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc index ad87df0ac..ad3b62998 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc +++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc @@ -1,5 +1,4 @@ {nbsp} + -{nbsp} + ==== Here are some examples of what a hacker could supply to the input field to perform actions on the database that go further than just reading the data of a single user: diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_before.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_before.adoc index bbe6358e2..ab198c424 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_before.adoc 
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_before.adoc @@ -3,8 +3,9 @@ SQL Injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have an serious impact on e.g. data integrity and security. SQL Injections can occur, when unfiltered data from the client, e.g. the input of a search field, gets into the SQL-Interpreter of the application itself. If the input from the client does not get checked for containing SQL Commands, hackers can easily manipulate the underlying SQL-Statement to their advantages. + -Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL-query and that way can be used to chain them) +Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL-query and that way can be used to chain them). +{nbsp} + == Example of SQL Injection 
@@ -18,14 +19,13 @@ The SQL-query to retrieve the user information from the database looks like that ------------------------------------------------------- The variable *userName* holds the input from the client and “injects” it into the query. + -If the Input would be Smith the query then looks like that + +If the input would be Smith the query then looks like that + ------------------------------------------------------- "SELECT * FROM users WHERE name = 'Smith'"; ------------------------------------------------------- and would retrieve all data for the user with the name Smith. +{nbsp} + But if an attacker supplies an unexpected input which could be part of a SQL-query, the query itself can be modified and that way be used to perform other (malicious) actions on the database. -{nbsp} + -{nbsp} + Here is an input field. Try typing some SQL in here to better understand how the query changes. \ No newline at end of file
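Review bot: In SqlInjection_introduction_content5_before.adoc, hunk @@ -3,8 +3,9, the rewritten line "Per example if the input is not filtered for SQL metacharacters like *--* ..." only gains a trailing period and still describes filtering as the safeguard. Filtering *--* and *;* is not a sufficient defense on its own, so since the line is being edited anyway, add a short pointer to the "SQL Injection (mitigation)" lesson and its parameterized queries so readers do not take metacharacter filtering as the fix. The same line should open with "For example, if ...", and the context line above it still reads "an serious impact".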
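Review bot: In SqlInjection_introduction_content5_before.adoc, hunk @@ -18,14 +19,13, the changed line "If the input would be Smith the query then looks like that +" only lowercases "Input" and leaves the conditional ungrammatical; suggest "If the input were Smith, the query would look like this +". The hunk also still ends with "\ No newline at end of file" after "Try typing some SQL in here to better understand how the query changes.", so add the trailing newline while this part of the file is being edited.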