Formatting according to OWASP WebGoat Java Style
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@359 4033779f-a91e-0410-96ef-6bf7bf53c507
@ -89,8 +89,8 @@ public class BlindSqlInjection extends LessonAdapter
|
||||
ResultSet.CONCUR_READ_ONLY);
|
||||
ResultSet answer_results = answer_statement.executeQuery(answer_query);
|
||||
answer_results.first();
|
||||
//System.out.println("Account: " + accountNumber);
|
||||
//System.out.println("Answer : " + answer_results.getString(1));
|
||||
// System.out.println("Account: " + accountNumber);
|
||||
// System.out.println("Answer : " + answer_results.getString(1));
|
||||
if (accountNumber.toString().equals(answer_results.getString(1)))
|
||||
{
|
||||
makeSuccess(s);
|
||||
@ -144,7 +144,6 @@ public class BlindSqlInjection extends LessonAdapter
|
||||
return new StringElement("By Chuck Willis");
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Gets the hints attribute of the DatabaseFieldScreen object
|
||||
*
|
||||
@ -153,35 +152,33 @@ public class BlindSqlInjection extends LessonAdapter
|
||||
protected List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
|
||||
+ "Create a SQL statement that you can use as a true/false test and then "
|
||||
+ "select the first character of the target element and do a start narrowing "
|
||||
+ "down the character using > and <"
|
||||
+ "<br><br>The backend database is HSQLDB. Keep that in mind if you research SQL functions "
|
||||
+ "on the Internet since different databases use some different functions and syntax.");
|
||||
hints.add("This is the code for the query being built and issued by WebGoat:<br><br> "
|
||||
+ "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
|
||||
hints.add("The application is taking your input and inserting it at the end of a pre-formed SQL command. "
|
||||
+ "You will need to make use of the following SQL functions: "
|
||||
+ "<br><br>SELECT - query for your target data and get a string "
|
||||
+ "<br><br>substr(string, start, length) - returns a "
|
||||
+ "substring of string starting at the start character and going for length characters "
|
||||
+ "<br><br>ascii(string) will return the ascii value of the first character in string "
|
||||
+ "<br><br>> and < - once you have a character's value, compare it to a choosen one");
|
||||
hints.add("Example: is the first character of the first_name of userid " + TARGET_ACCT_NUM
|
||||
+ " less than 'M' (ascii 77)? "
|
||||
+ "<br><br>101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=" + TARGET_ACCT_NUM
|
||||
+ ") , 1 , 1) ) < 77 ); "
|
||||
+ "<br><br>If you get back that account number is valid, then yes. If get back that the number is"
|
||||
+ "invalid then answer is no.");
|
||||
hints.add("Another example: is the second character of the first_name of userid "
|
||||
+ TARGET_ACCT_NUM
|
||||
+ " greater than 'm' (ascii 109)? "
|
||||
+ "<br><br>101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid="
|
||||
+ TARGET_ACCT_NUM
|
||||
+ ") , 2 , 1) ) > 109 ); "
|
||||
+ "<br><br>If you get back that account number is valid, then yes. If get back that the number is "
|
||||
+ "invalid then answer is no.");
|
||||
hints.add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. "
|
||||
+ "Create a SQL statement that you can use as a true/false test and then "
|
||||
+ "select the first character of the target element and do a start narrowing "
|
||||
+ "down the character using > and <"
|
||||
+ "<br><br>The backend database is HSQLDB. Keep that in mind if you research SQL functions "
|
||||
+ "on the Internet since different databases use some different functions and syntax.");
|
||||
hints.add("This is the code for the query being built and issued by WebGoat:<br><br> "
|
||||
+ "\"SELECT * FROM user_data WHERE userid = \" + accountNumber ");
|
||||
hints.add("The application is taking your input and inserting it at the end of a pre-formed SQL command. "
|
||||
+ "You will need to make use of the following SQL functions: "
|
||||
+ "<br><br>SELECT - query for your target data and get a string "
|
||||
+ "<br><br>substr(string, start, length) - returns a "
|
||||
+ "substring of string starting at the start character and going for length characters "
|
||||
+ "<br><br>ascii(string) will return the ascii value of the first character in string "
|
||||
+ "<br><br>> and < - once you have a character's value, compare it to a choosen one");
|
||||
hints.add("Example: is the first character of the first_name of userid " + TARGET_ACCT_NUM
|
||||
+ " less than 'M' (ascii 77)? "
|
||||
+ "<br><br>101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=" + TARGET_ACCT_NUM
|
||||
+ ") , 1 , 1) ) < 77 ); "
|
||||
+ "<br><br>If you get back that account number is valid, then yes. If get back that the number is"
|
||||
+ "invalid then answer is no.");
|
||||
hints.add("Another example: is the second character of the first_name of userid " + TARGET_ACCT_NUM
|
||||
+ " greater than 'm' (ascii 109)? "
|
||||
+ "<br><br>101 AND (ascii( substr((SELECT first_name FROM user_data WHERE userid=" + TARGET_ACCT_NUM
|
||||
+ ") , 2 , 1) ) > 109 ); "
|
||||
+ "<br><br>If you get back that account number is valid, then yes. If get back that the number is "
|
||||
+ "invalid then answer is no.");
|
||||
return hints;
|
||||
}
|
||||
|
||||
@ -233,7 +230,7 @@ public class BlindSqlInjection extends LessonAdapter
|
||||
super.handleRequest(s);
|
||||
} catch (Exception e)
|
||||
{
|
||||
//System.out.println("Exception caught: " + e);
|
||||
// System.out.println("Exception caught: " + e);
|
||||
e.printStackTrace(System.out);
|
||||
}
|
||||
}
|
||||
|
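Review bot: The rewrapped fourth hint in getHints still joins `"... If get back that the number is"` to `"invalid then answer is no."` with no separating space, so the hint renders as "isinvalid"; the equivalent line in the fifth hint carries the trailing space, so the fourth should read `+ "<br><br>If you get back that account number is valid, then yes. If get back that the number is "`. While these literals are being reflowed, the same sentence is missing its subject ("If get back" → "If you get back") in both hints, and the third hint spells "choosen". These are text-only fixes inside string literals, and getHints is contained entirely within the hunk starting at -153, so the change is local. The hunk at -233 keeps a catch-all `catch (Exception e)` that only does `e.printStackTrace(System.out)`; the formatting pass reasonably left it alone, but its enclosing method begins outside the hunk, so any follow-up to narrow the catch or route it through logging would need the full body in view.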