Trying to wire up the DB connection and fill out first sql stub

This commit is contained in:
mayhew64
2016-11-15 22:40:24 -05:00
parent ec2fc5a77c
commit 24b2e79dc5
4 changed files with 104 additions and 96 deletions


@ -7,6 +7,8 @@ import java.sql.SQLException;
import java.util.HashMap;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
/**
*************************************************************************************************
@ -42,6 +44,8 @@ public class DatabaseUtilities
private static Map<String, Connection> connections = new HashMap<String, Connection>();
private static Map<String, Boolean> dbBuilt = new HashMap<String, Boolean>();
@Autowired
private static WebSession webSession;
/**
* <p>getConnection.</p>
@ -50,9 +54,9 @@ public class DatabaseUtilities
* @return a {@link java.sql.Connection} object.
* @throws java.sql.SQLException if any.
*/
public static Connection getConnection(WebSession s) throws SQLException
public static Connection getConnection() throws SQLException
{
return getConnection(s.getUserName(), s.getWebgoatContext());
return getConnection(webSession.getUserName(), webSession.getWebgoatContext());
}
/**
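Review bot: `@Autowired` on the static field `webSession` (second hunk) is not honoured by Spring's field injection, which skips static fields, so `getConnection()` in the third hunk will dereference a null `webSession` on first use. Even if it were populated, a single static session reference is shared by every caller of `DatabaseUtilities`, which works against the per-user `connections` map keyed by user name on the line above it. Keep the `WebSession` as an explicit parameter (the removed overload), or inject it into a non-static bean and resolve the current session per request; the `WebSession.getConnection()` wrapper in the next file inherits the same problem.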


@ -62,8 +62,8 @@ public class WebSession {
* @return a {@link java.sql.Connection} object.
* @throws java.sql.SQLException if any.
*/
public static synchronized Connection getConnection(WebSession s) throws SQLException {
return DatabaseUtilities.getConnection(s);
public static synchronized Connection getConnection() throws SQLException {
return DatabaseUtilities.getConnection();
}
/**


@ -2,11 +2,17 @@
package org.owasp.webgoat.plugin;
import java.io.IOException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.http.HttpServletRequest;
import org.owasp.webgoat.lessons.Assignment;
import org.owasp.webgoat.lessons.model.AttackResult;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
@ -44,106 +50,104 @@ import org.springframework.web.bind.annotation.ResponseBody;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class SqlInjectionLesson extends Assignment {
public class SqlInjectionLesson5a extends Assignment {
@RequestMapping(method = RequestMethod.POST)
public @ResponseBody AttackResult completed(@RequestParam String person, HttpServletRequest request) throws IOException {
if (!person.toString().equals("")) {
return trackProgress(AttackResult.success("The server has reversed your name: " + new StringBuffer(person).reverse().toString()));
} else {
return trackProgress(AttackResult.failed("You are close, try again"));
}
public @ResponseBody AttackResult completed(@RequestParam String answer, HttpServletRequest request) throws IOException {
System.out.println("answer:" + answer);
return injectableQuery(answer);
}
@Override
public String getPath() {
return "/SqlInjection/attack1";
return "/SqlInjection/attack5a";
}
// private final static String ACCT_NAME = "account_name";
//
// private static String STAGE = "stage";
//
// private String accountName;
//
// /**
// * Description of the Method
// *
// * @param s
// * Description of the Parameter
// * @return Description of the Return Value
// */
// protected Element createContent(WebSession s)
// {
// return super.createStagedContent(s);
// }
//
// protected Element doStage1(WebSession s) throws Exception
// {
// return injectableQuery(s);
// }
//
// protected Element doStage2(WebSession s) throws Exception
// {
// return parameterizedQuery(s);
// }
//
// protected Element injectableQuery(WebSession s)
// {
// ElementContainer ec = new ElementContainer();
//
// try
// {
// Connection connection = DatabaseUtilities.getConnection(s);
//
// ec.addElement(makeAccountLine(s));
//
// String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
// ec.addElement(new PRE(query));
//
// try
// {
// Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
// ResultSet.CONCUR_READ_ONLY);
// ResultSet results = statement.executeQuery(query);
//
// if ((results != null) && (results.first() == true))
// {
// ResultSetMetaData resultsMetaData = results.getMetaData();
// ec.addElement(DatabaseUtilities.writeTable(results, resultsMetaData));
// results.last();
//
// // If they get back more than one user they succeeded
// if (results.getRow() >= 6)
// {
// makeSuccess(s);
// getLessonTracker(s).setStage(2);
//
// StringBuffer msg = new StringBuffer();
//
// msg.append(getLabelManager().get("StringSqlInjectionSecondStage"));
//
// s.setMessage(msg.toString());
// }
// }
// else
// {
// ec.addElement(getLabelManager().get("NoResultsMatched"));
// }
// } catch (SQLException sqle)
// {
// ec.addElement(new P().addElement(sqle.getMessage()));
// sqle.printStackTrace();
// }
// } catch (Exception e)
// {
// s.setMessage(getLabelManager().get("ErrorGenerating") + this.getClass().getName());
// e.printStackTrace();
// }
//
// return (ec);
// }
protected AttackResult injectableQuery(String accountName)
{
try
{
Connection connection = DatabaseUtilities.getConnection();
String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
try
{
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet results = statement.executeQuery(query);
if ((results != null) && (results.first() == true))
{
ResultSetMetaData resultsMetaData = results.getMetaData();
StringBuffer output = new StringBuffer();
output.append(writeTable(results, resultsMetaData));
results.last();
// If they get back more than one user they succeeded
if (results.getRow() >= 6)
{
return trackProgress(AttackResult.success("You have succeed: " + output.toString()));
} else {
return trackProgress(AttackResult.failed("You are close, try again. "));
}
}
else
{
return trackProgress(AttackResult.failed("No Results Matched. Try Again. "));
// output.append(getLabelManager().get("NoResultsMatched"));
}
} catch (SQLException sqle)
{
return trackProgress(AttackResult.failed(sqle.getMessage()));
}
} catch (Exception e)
{
return trackProgress(AttackResult.failed( "ErrorGenerating" + this.getClass().getName()));
}
}
public String writeTable(ResultSet results, ResultSetMetaData resultsMetaData) throws IOException,
SQLException
{
int numColumns = resultsMetaData.getColumnCount();
results.beforeFirst();
StringBuffer t = new StringBuffer();
if (results.next())
{
for (int i = 1; i < (numColumns + 1); i++)
{
t.append(resultsMetaData.getColumnName(i));
t.append(", ");
}
t.append(System.getProperty("line.separator"));
results.beforeFirst();
while (results.next())
{
for (int i = 1; i < (numColumns + 1); i++)
{
t.append(results.getString(i));
t.append(", ");
}
t.append(System.getProperty("line.separator"));
}
return (t.toString());
}
else
{
return ("Query Successful; however no data was returned from this query.");
}
}
//
// protected Element parameterizedQuery(WebSession s)
// {
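Review bot: The `Statement` and `ResultSet` created in `injectableQuery` are never closed on any path (success, failure, or `SQLException`), so every submission leaks a cursor on the cached per-user connection; wrapping them in try-with-resources fixes this without changing the lesson's behaviour, and the string-built query should carry a comment marking it as the lesson's intentional weak point so a later cleanup does not parameterize it by mistake. `System.out.println("answer:" + answer)` writes raw user input to stdout and should be removed or downgraded to a debug-level logger call. The outer `catch (Exception e)` discards the exception entirely; at minimum log `e` before returning the generic failure, since `"ErrorGenerating" + this.getClass().getName()` gives an operator nothing to act on. The large commented-out legacy block (`createContent` through `parameterizedQuery`) is dead code that version control already preserves and should be deleted rather than carried forward.
```java
protected AttackResult injectableQuery(String accountName)
{
    try
    {
        Connection connection = DatabaseUtilities.getConnection();
        // Deliberately concatenated: this lesson exists to demonstrate the injection.
        String query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";
        // The Statement owns the ResultSet; try-with-resources closes both on every exit.
        try (Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
                                                              ResultSet.CONCUR_READ_ONLY);
             ResultSet results = statement.executeQuery(query))
        {
            if (results.first())
            {
                // … unchanged: writeTable(), results.last(), getRow() >= 6 success/failure …
            }
            else
            {
                return trackProgress(AttackResult.failed("No Results Matched. Try Again. "));
            }
        } catch (SQLException sqle)
        {
            return trackProgress(AttackResult.failed(sqle.getMessage()));
        }
    } catch (Exception e)
    {
        // … unchanged: generic failure result (log e here) …
    }
}
```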


@ -56,7 +56,7 @@
enctype="application/json;charset=UTF-8">
<table>
<tr>
<td>Name:</td>
<td>Account Name:</td>
<td><input name="answer" value="" type="TEXT" /></td>
<td></td>
</tr>