Added (introduction) extra to the sidebar menu on the left.

Slightly modified SQL Injections explanation/example.
This commit is contained in:
Benedikt - Desktop 2018-11-02 11:59:56 +01:00 committed by Nanne Baars
parent adc8891160
commit 0529289f6d
3 changed files with 5 additions and 6 deletions


@ -2,7 +2,7 @@
StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query. Restart the lesson if you wish to return to the injectable query. StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query. Restart the lesson if you wish to return to the injectable query.
EnterLastName=Enter your last name: EnterLastName=Enter your last name:
sql.injection.title=SQL Injection sql.injection.title=SQL Injection (introduction)
sql.mitigation.title=SQL Injection (mitigation) sql.mitigation.title=SQL Injection (mitigation)
sql.advanced.title=SQL Injection (advanced) sql.advanced.title=SQL Injection (advanced)
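Review bot: the `sql.injection.title` rename to "SQL Injection (introduction)" matches the "(suffix)" pattern already used by `sql.mitigation.title` and `sql.advanced.title` in the same file, so the sidebar labels are now consistent; if the project keeps translated copies of this properties bundle, the same key needs the same suffix there, otherwise the menu label will differ per locale.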


@ -1,5 +1,4 @@
{nbsp} + {nbsp} +
{nbsp} +
==== Here are some examples of what a hacker could supply to the input field to perform actions on the database that go further than just reading the data of a single user: ==== Here are some examples of what a hacker could supply to the input field to perform actions on the database that go further than just reading the data of a single user:
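Review bot: dropping one of the two `{nbsp} +` spacer lines before the `====` heading is fine, but the remaining `{nbsp} +` is the same layout hack; AsciiDoc section titles carry their own vertical spacing, so the leftover spacer line can be removed as well rather than keeping one of the two.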


@ -3,8 +3,9 @@
SQL Injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have an serious impact on e.g. data integrity and security. SQL Injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have an serious impact on e.g. data integrity and security.
SQL Injections can occur, when unfiltered data from the client, e.g. the input of a search field, gets into the SQL-Interpreter of the application itself. If the input from the client does not get checked for containing SQL Commands, hackers can easily manipulate the underlying SQL-Statement to their advantages. + SQL Injections can occur, when unfiltered data from the client, e.g. the input of a search field, gets into the SQL-Interpreter of the application itself. If the input from the client does not get checked for containing SQL Commands, hackers can easily manipulate the underlying SQL-Statement to their advantages. +
Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL-query and that way can be used to chain them) Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL-query and that way can be used to chain them).
{nbsp} +
== Example of SQL Injection == Example of SQL Injection
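Review bot: the only change in this hunk is the full stop added after "chain them)", but the sentence it closes is still a fragment with no main clause: "Per example if the input is not filtered for SQL metacharacters like *--* (...) or *;* (...)." should read along the lines of "For example, if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL query and can be used to chain queries), an attacker can terminate the intended statement and append their own." The same lines also keep "an serious impact" (should be "a serious impact") and the unqualified claim "SQL Injections are the most common web hacking techniques", which is safer as "one of the most common".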
@ -18,14 +19,13 @@ The SQL-query to retrieve the user information from the database looks like that
------------------------------------------------------- -------------------------------------------------------
The variable *userName* holds the input from the client and “injects” it into the query. + The variable *userName* holds the input from the client and “injects” it into the query. +
If the Input would be Smith the query then looks like that + If the input would be Smith the query then looks like that +
------------------------------------------------------- -------------------------------------------------------
"SELECT * FROM users WHERE name = 'Smith'"; "SELECT * FROM users WHERE name = 'Smith'";
------------------------------------------------------- -------------------------------------------------------
and would retrieve all data for the user with the name Smith. and would retrieve all data for the user with the name Smith.
{nbsp} +
But if an attacker supplies an unexpected input which could be part of a SQL-query, the query itself can be modified and that way be used to perform other (malicious) actions on the database. But if an attacker supplies an unexpected input which could be part of a SQL-query, the query itself can be modified and that way be used to perform other (malicious) actions on the database.
{nbsp} +
{nbsp} +
Here is an input field. Try typing some SQL in here to better understand how the query changes. Here is an input field. Try typing some SQL in here to better understand how the query changes.
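Review bot: the capitalisation fix in "If the input would be Smith" is right, but "would be" should be "were" ("If the input were Smith, the query becomes"), and the unchanged context line "looks like that" in this hunk should be "looks like this". The worked example still shows only the benign query `"SELECT * FROM users WHERE name = 'Smith'";` and then tells the reader the query "can be modified" without showing it; one injected variant placed next to the benign one, for instance `"SELECT * FROM users WHERE name = 'Smith' OR '1'='1'";`, would make the point before the reader reaches the interactive input field. Note also that the surrounding quotes and trailing `;` are the Java string literal, not the SQL, which is worth stating so the two are not confused with the SQL `;` metacharacter described above.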