corrected spelling and some formatting
git-svn-id: http://webgoat.googlecode.com/svn/trunk@360 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
brandon.devries
@ -8,7 +8,7 @@ SQL injection attacks represent a serious threat to any database-driven site. Th
|
||||
<br><br>
|
||||
Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.<br>
|
||||
<br>
|
||||
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries, even if the threat of SQL injection has been prevented in some other manner.<br>
|
||||
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.<br>
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
The form below allows a user to view weather data. Try to inject an SQL string that results in all the weather data being displayed.
|
||||
<!-- Stop Instructions -->
|
||||
@ -8,7 +8,7 @@ SQL injection attacks represent a serious threat to any database-driven site. Th
|
||||
<br><br>
|
||||
Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.<br>
|
||||
<br>
|
||||
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries, even if the threat of SQL injection has been prevented in some other manner.<br>
|
||||
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.<br>
|
||||
<p><b>General Goal(s):</b> </p>
|
||||
The form below allows a user to view their credit card numbers. Try to inject an SQL string that results in all the credit card numbers being displayed. Try the user name of 'Smith'.
|
||||
<!-- Stop Instructions -->
|
||||
@ -599,7 +599,7 @@ SQL injection attacks represent a serious threat to any database-driven site. Th
|
||||
|
||||
Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can easily be prevented.
|
||||
|
||||
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries, even if the threat of SQL injection has been prevented in some other manner.<o:p></o:p></span></p>
|
||||
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.<o:p></o:p></span></p>
|
||||
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>
|
||||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'>General
|
||||
Goal(s):</span></b><span style='font-family:"Arial","sans-serif"'> <o:p></o:p></span></p>
|
||||
|
||||
@ -602,7 +602,7 @@ Not only is it a threat easily instigated, it is also a threat that, with a
|
||||
little common-sense and forethought, can easily be prevented.<br>
|
||||
<br>
|
||||
It is always good practice to sanitize all input data, especially data that
|
||||
will used in OS command, scripts, and database queiries, even if the threat of
|
||||
will used in OS command, scripts, and database queries, even if the threat of
|
||||
SQL injection has been prevented in some other manner.<o:p></o:p></span></p>
|
||||
|
||||
<p class=MsoNormal><b><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></b></p>
|
||||
|
||||
Reference in New Issue
Block a user