diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
index 5a754d9cd..23c1ba2dd 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/DatabaseUtilities.java
@@ -7,6 +7,8 @@ import java.sql.SQLException;
 import java.util.HashMap;
 import java.util.Map;
+import org.springframework.beans.factory.annotation.Autowired;
+
 /**
  *************************************************************************************************
@@ -42,6 +44,8 @@ public class DatabaseUtilities
     private static Map connections = new HashMap();
     private static Map dbBuilt = new HashMap();
+    @Autowired
+    private static WebSession webSession;
     /** *

getConnection.

@@ -50,9 +54,9 @@ public class DatabaseUtilities
      * @return a {@link java.sql.Connection} object.
      * @throws java.sql.SQLException if any.
      */
-    public static Connection getConnection(WebSession s) throws SQLException
+    public static Connection getConnection() throws SQLException
     {
-        return getConnection(s.getUserName(), s.getWebgoatContext());
+        return getConnection(webSession.getUserName(), webSession.getWebgoatContext());
     }
     /**
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
index 858610b4a..8a4c657df 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java
@@ -62,8 +62,8 @@ public class WebSession {
      * @return a {@link java.sql.Connection} object.
      * @throws java.sql.SQLException if any.
      */
-    public static synchronized Connection getConnection(WebSession s) throws SQLException {
-        return DatabaseUtilities.getConnection(s);
+    public static synchronized Connection getConnection() throws SQLException {
+        return DatabaseUtilities.getConnection();
     }
     /**
diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson5a.java
similarity index 59%
rename from webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson.java
rename to webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson5a.java
index e11c90f52..f47a95276 100644
--- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson.java
+++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionLesson5a.java
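Review bot: `webSession.getUserName()` in the new `getConnection()` body dereferences a field Spring will never populate: `@Autowired` is not applied to static fields (the preceding hunk declares `private static WebSession webSession`), so the first call through this method ends in a NullPointerException. Even if it were injected, a single static WebSession would be shared by every user of the container, so one user's username and connection would be handed to all of them. Keep the session-carrying overload, `public static Connection getConnection(WebSession s) throws SQLException { return getConnection(s.getUserName(), s.getWebgoatContext()); }`, or resolve the current session per request rather than through a static holder; the `WebSession.getConnection()` hunk on this page inherits the same problem. The enclosing class continues outside the hunk.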
@@ -2,11 +2,17 @@ package org.owasp.webgoat.plugin;
 import java.io.IOException;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
 import javax.servlet.http.HttpServletRequest;
 import org.owasp.webgoat.lessons.Assignment;
 import org.owasp.webgoat.lessons.model.AttackResult;
+import org.owasp.webgoat.session.DatabaseUtilities;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -44,106 +50,104 @@ import org.springframework.web.bind.annotation.ResponseBody;
  * @author Bruce Mayhew WebGoat
  * @created October 28, 2003
  */
-public class SqlInjectionLesson extends Assignment {
+public class SqlInjectionLesson5a extends Assignment {
     @RequestMapping(method = RequestMethod.POST)
-    public @ResponseBody AttackResult completed(@RequestParam String person, HttpServletRequest request) throws IOException {
-        if (!person.toString().equals("")) {
-            return trackProgress(AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString()));
-        } else {
-            return trackProgress(AttackResult.failed("You are close, try again"));
-        }
+    public @ResponseBody AttackResult completed(@RequestParam String answer, HttpServletRequest request) throws IOException {
+System.out.println("answer:" + answer);
+        return injectableQuery(answer);
     }
     @Override
     public String getPath() {
-        return "/SqlInjection/attack1";
+        return "/SqlInjection/attack5a";
     }
-//    private final static String ACCT_NAME = "account_name";
-//
-//    private static String STAGE = "stage";
-//
-//    private String accountName;
-//
-//    /**
-//     * Description of the Method
-//     *
-//     * @param s
-//     *            Description of the Parameter
-//     * @return Description of the Return Value
-//     */
-//    protected Element createContent(WebSession s)
-//    {
-//        return super.createStagedContent(s);
-//    }
-//
-//    protected Element doStage1(WebSession s) throws Exception
-//    {
-//        return injectableQuery(s);
-//    }
-//
-//    protected Element doStage2(WebSession s) throws Exception
-//    {
-//        return parameterizedQuery(s);
-//    }
-//
-//    protected Element injectableQuery(WebSession s)
-//    {
-//        ElementContainer ec = new ElementContainer();
-//
-//        try
-//        {
-//            Connection connection = DatabaseUtilities.getConnection(s);
-//
-//            ec.addElement(makeAccountLine(s));
-//
-//            String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
-//            ec.addElement(new PRE(query));
-//
-//            try
-//            {
-//                Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
-//                    ResultSet.CONCUR_READ_ONLY);
-//                ResultSet results = statement.executeQuery(query);
-//
-//                if ((results != null) && (results.first() == true))
-//                {
-//                    ResultSetMetaData resultsMetaData = results.getMetaData();
-//                    ec.addElement(DatabaseUtilities.writeTable(results, resultsMetaData));
-//                    results.last();
-//
-//                    // If they get back more than one user they succeeded
-//                    if (results.getRow() >= 6)
-//                    {
-//                        makeSuccess(s);
-//                        getLessonTracker(s).setStage(2);
-//
-//                        StringBuffer msg = new StringBuffer();
-//
-//                        msg.append(getLabelManager().get("StringSqlInjectionSecondStage"));
-//
-//                        s.setMessage(msg.toString());
-//                    }
-//                }
-//                else
-//                {
-//                    ec.addElement(getLabelManager().get("NoResultsMatched"));
-//                }
-//            } catch (SQLException sqle)
-//            {
-//                ec.addElement(new P().addElement(sqle.getMessage()));
-//                sqle.printStackTrace();
-//            }
-//        } catch (Exception e)
-//        {
-//            s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
-//            e.printStackTrace();
-//        }
-//
-//        return (ec);
-//    }
+
+    protected AttackResult injectableQuery(String accountName)
+    {
+        try
+        {
+            Connection connection = DatabaseUtilities.getConnection();
+            String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
+
+            try
+            {
+                Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+                    ResultSet.CONCUR_READ_ONLY);
+                ResultSet results = statement.executeQuery(query);
+
+                if ((results != null) && (results.first() == true))
+                {
+                    ResultSetMetaData resultsMetaData = results.getMetaData();
+                    StringBuffer output = new StringBuffer();
+
+                    output.append(writeTable(results, resultsMetaData));
+                    results.last();
+
+                    // If they get back more than one user they succeeded
+                    if (results.getRow() >= 6)
+                    {
+                        return trackProgress(AttackResult.success("You have succeed: " + output.toString()));
+                    } else {
+                        return trackProgress(AttackResult.failed("You are close, try again. "));
+                    }
+
+                }
+                else
+                {
+                    return trackProgress(AttackResult.failed("No Results Matched. Try Again. "));
+
+//                    output.append(getLabelManager().get("NoResultsMatched"));
+                }
+            } catch (SQLException sqle)
+            {
+                return trackProgress(AttackResult.failed(sqle.getMessage()));
+            }
+        } catch (Exception e)
+        {
+            return trackProgress(AttackResult.failed( "ErrorGenerating" + this.getClass().getName()));
+        }
+    }
+
+    public String writeTable(ResultSet results, ResultSetMetaData resultsMetaData) throws IOException,
+            SQLException
+    {
+        int numColumns = resultsMetaData.getColumnCount();
+        results.beforeFirst();
+        StringBuffer t = new StringBuffer();
+
+        if (results.next())
+        {
+            for (int i = 1; i < (numColumns + 1); i++)
+            {
+                t.append(resultsMetaData.getColumnName(i));
+                t.append(", ");
+            }
+
+            t.append(System.getProperty("line.separator"));
+            results.beforeFirst();
+
+            while (results.next())
+            {
+
+                for (int i = 1; i < (numColumns + 1); i++)
+                {
+                    t.append(results.getString(i));
+                    t.append(", ");
+                }
+
+                t.append(System.getProperty("line.separator"));
+            }
+
+            return (t.toString());
+        }
+        else
+        {
+            return ("Query Successful; however no data was returned from this query.");
+        }
+    }
 //
 //    protected Element parameterizedQuery(WebSession s)
 //    {
diff --git a/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html b/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html
index 6f11c9d0f..cc1b46cb4 100644
--- a/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html
+++ b/webgoat-lessons/sql-injection/src/main/resources/plugin/SqlInjection/html/SqlInjection.html
@@ -56,7 +56,7 @@ enctype="application/json;charset=UTF-8"> - +
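Review bot: `statement` and `results` in the new `injectableQuery` are never closed, so every submission leaks a JDBC Statement (and its cursor) on the connection; wrap them in try-with-resources, leaving the Connection itself open since it appears to come from the static `connections` cache in DatabaseUtilities. The `System.out.println("answer:" + answer);` at column 0 in `completed` looks like leftover debugging that writes raw user input to stdout; drop it or route it through the lesson's logger. The string-concatenated query is the subject of this lesson, so it should stay but be marked as deliberate, e.g. `// Intentionally injectable: the string-built query is the vulnerability this lesson teaches`. Separately, `writeTable` declares `throws IOException` although nothing in its body can raise one, and the threshold in `results.getRow() >= 6` deserves a named constant.
```java
    protected AttackResult injectableQuery(String accountName)
    {
        // Intentionally injectable: the string-built query is the vulnerability this lesson teaches.
        String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
        try
        {
            Connection connection = DatabaseUtilities.getConnection();
            try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
                    ResultSet.CONCUR_READ_ONLY);
                 ResultSet results = statement.executeQuery(query))
            {
                // … unchanged: result handling and trackProgress(...) returns …
            } catch (SQLException sqle)
            {
                return trackProgress(AttackResult.failed(sqle.getMessage()));
            }
        } catch (Exception e)
        {
            return trackProgress(AttackResult.failed( "ErrorGenerating" + this.getClass().getName()));
        }
    }
```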
Name:Account Name: