dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed some errors.

Browse Source
This commit is contained in:
Benedikt - Desktop
2018-11-06 11:47:23 +01:00
committed by Nanne Baars
parent 26e3803de0
commit 14f4b42ba5
5 changed files with 7 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -38,6 +38,8 @@ sql-injection.6b.no.results=No results matched. Try Again.
sql-injection.8.success=You have succeeded! You successfully compromised the confidentiality of data by viewing internal information that you should not have access to. Well done! {0}
sql-injection.8.no.results=No employee found with matching lastname. Or maybe your authentication TAN is incorrect?
sql-injection.9.success=Well done! Now you're earning the most money. And at the same time you successfully compromised the integrity of data by changing the salary! {0}
sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.
SqlStringInjectionHint8-1=The application is taking your input and inserting the values into the variables 'name' and 'auth_tan' of the pre-formed SQL command.
SqlStringInjectionHint8-2=Compound SQL statements can be made by expanding the WHERE clause of the statement with keywords like AND and OR.
@ -45,16 +47,12 @@ SqlStringInjectionHint8-3=Try appending a SQL statement that always resolves to
SqlStringInjectionHint8-4=Make sure all quotes (" ' ") are opened and closed properly so the resulting SQL query is syntactically correct.
SqlStringInjectionHint8-5=Try extending the WHERE clause of the statement by adding something like: ' OR '1' = '1.
sql-injection.9.success=Well done! Now you're earning the most money. And at the same time you successfully compromised the integrity of data by changing the salary. {0}
SqlStringInjectionHint9-1=Try to find a way, to chain another query to the end of the existing one.
SqlStringInjectionHint9-2=Use the ; metacharacter to do so.
SqlStringInjectionHint9-3=Make use of DML to change your salary.
SqlStringInjectionHint9-4=Make sure that the resulting query is syntactically correct.
SqlStringInjectionHint9-5=How about something like '; UPDATE employees....
sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.
SqlStringInjectionHint10-1=Use the techniques that you have learned before.
SqlStringInjectionHint10-2=The application takes your input and filters for entries that are LIKE it.
SqlStringInjectionHint10-3=Try query chaining to reach the goal.

2
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content10.adoc
View File

@ -4,5 +4,5 @@ After successfully compromising confidentiality and integrity in the previous le
=== It's your turn!
Now you're the top earner in your company.
But do you see that?
There seems to be a table, where all your actions have been logged to! +
There seems to be a access_log table, where all your actions have been logged to! +
Better go and delete it quickly before anyone notices.