dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added 3 new lessons. Some strings are in the properties files, but not all. Modified CreateDB.java in order to create a new salaries table used by the new SQL injection lessons.

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@390 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
chuck@securityfoundry.com
2009-10-30 04:53:19 +00:00
parent 1dc6c799a7
commit 1c02094545
5 changed files with 837 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
main/project/JavaSource/org/owasp/webgoat/session/CreateDB.java
View File

@ -351,6 +351,53 @@ public class CreateDB
statement.executeUpdate(insertData4);
statement.executeUpdate(insertData5);
}
// creates the table salaries which is used in the lessons
// which add or modify data using sql injection
private void createModifyWithSQLLessonTable(Connection connection) throws SQLException
{
Statement statement = connection.createStatement();
// Delete table if there is one
try
{
String dropTable = "DROP TABLE salaries";
statement.executeUpdate(dropTable);
}
catch (SQLException e)
{
System.out.println("Error dropping salaries table");
}
// Create the new table
try
{
String createTableStatement = "CREATE TABLE salaries ("
+ "userid varchar(50),"
+ "salary int"
+ ")";
statement.executeUpdate(createTableStatement);
}
catch (SQLException e)
{
System.out.println("Error creating salaries table");
e.printStackTrace();
}
// Populate it
String insertData1 = "INSERT INTO salaries VALUES ('jsmith', 20000)";
String insertData2 = "INSERT INTO salaries VALUES ('lsmith', 45000)";
String insertData3 = "INSERT INTO salaries VALUES ('wgoat', 100000)";
String insertData4 = "INSERT INTO salaries VALUES ('rjones', 777777)";
String insertData5 = "INSERT INTO salaries VALUES ('manderson', 65000)";
statement.executeUpdate(insertData1);
statement.executeUpdate(insertData2);
statement.executeUpdate(insertData3);
statement.executeUpdate(insertData4);
statement.executeUpdate(insertData5);
}
/**
@ -996,6 +1043,7 @@ public class CreateDB
createTanUserDataTable(connection);
createTanTable(connection);
createMFEImagesTable(connection);
createModifyWithSQLLessonTable(connection);
System.out.println("Success: creating tables.");
}
}