Split large SQL lesson

Nanne Baars
2017-06-11 22:12:53 +02:00
parent b048988d2f
commit 0740c4ba95
10 changed files with 332 additions and 109 deletions

@ -6,8 +6,9 @@ SqlStringInjectionHint1=The application is taking your input and inserting it at
SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:<br><br> "SELECT * FROM user_data WHERE last_name = "accountName"
SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
SqlStringInjectionHint5=Try adding a union to the query, the number of columns should match.
SqlStringInjectionHint6=Try entering [ Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data -- ].
SqlStringInjectionHint5=First try to find out the number of columns by adding a group by 1,2,3 etc to the query.
SqlStringInjectionHint6=Try adding a union to the query, the number of columns should match.
SqlStringInjectionHint7=Try entering [ Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data -- ].
sql-injection.5a.success=You have succeed: {0}
sql-injection.5a.no.results=No results matched. Try Again.
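
Review bot: SqlStringInjectionHint7 is a new key created by the renumbering, and nothing in this hunk shows it being referenced. If the lesson lists its hint keys by name, that list needs the new key as well, otherwise the union example that used to be SqlStringInjectionHint6 drops out of the hints shown to the learner. On wording, the new SqlStringInjectionHint5 writes "group by 1,2,3 etc" in lower case with no punctuation, while SqlStringInjectionHint3 capitalises AND and OR; "GROUP BY 1,2,3, etc." would match. While this file is open, the unchanged context line sql-injection.5a.success reads "You have succeed" and could be corrected to "You have succeeded".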