Added more hints
This commit is contained in:
Benedikt - Desktop
Nanne Baars
parent
6fe7582dfb
commit
26e3803de0
@ -14,6 +14,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import java.sql.*;
|
||||
|
||||
@AssignmentPath("/SqlInjection/attack10")
|
||||
@AssignmentHints(value = {"SqlStringInjectionHint10-1", "SqlStringInjectionHint10-2", "SqlStringInjectionHint10-3", "SqlStringInjectionHint10-4", "SqlStringInjectionHint10-5", "SqlStringInjectionHint10-6"})
|
||||
public class SqlInjectionLesson10 extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
|
||||
@ -78,6 +78,7 @@ public class SqlInjectionLesson8 extends AssignmentEndpoint {
|
||||
while (results.next()) {
|
||||
t.append("<tr>");
|
||||
for (int i = 1; i < (numColumns + 1); i++) {
|
||||
System.out.println(results.getString(i));
|
||||
t.append("<td>" + results.getString(i) + "</td>");
|
||||
}
|
||||
t.append("</tr>");
|
||||
|
||||
@ -48,7 +48,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
|
||||
|
||||
} catch (Exception e) {
|
||||
System.err.println(e.getMessage());
|
||||
return trackProgress(failed().output(this.getClass().getName() + " : " + e.getMessage()).build());
|
||||
return trackProgress(failed().output("<br><span style='color: red;'>" + this.getClass().getName() + " : " + e.getMessage() + "</span>").build());
|
||||
}
|
||||
}
|
||||
|
||||
@ -59,11 +59,10 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
|
||||
ResultSet results = statement.executeQuery(query);
|
||||
|
||||
results.first();
|
||||
System.out.println(results.getString(2));
|
||||
System.out.println(results.getString(3));
|
||||
|
||||
// user completes lesson if John Smith is the first in the list
|
||||
if ((results.getString(2).equals("John")) && (results.getString(3).equals("Smith"))) {
|
||||
output.append(SqlInjectionLesson8.generateTable(results, results.getMetaData()));
|
||||
return trackProgress(success().feedback("sql-injection.9.success").feedbackArgs(output.toString()).build());
|
||||
} else {
|
||||
return trackProgress(failed().output(output.toString()).build());
|
||||
@ -71,7 +70,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
|
||||
|
||||
} catch (SQLException e) {
|
||||
System.err.println(e.getMessage());
|
||||
return trackProgress(failed().output(e.getMessage()).build());
|
||||
return trackProgress(failed().output("<br><span style='color: red;'>" + e.getMessage() + "</span>").build());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -0,0 +1,7 @@
|
||||
.attack-feedback {
|
||||
color: green;
|
||||
}
|
||||
|
||||
.attack-feedback table {
|
||||
color: black;
|
||||
}
|
||||
@ -1,6 +1,7 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html xmlns:th="http://www.thymeleaf.org">
|
||||
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
|
||||
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_plan.adoc"></div>
|
||||
@ -25,7 +26,7 @@
|
||||
<div class="lesson-page-wrapper">
|
||||
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content5_before.adoc"></div>
|
||||
<div>
|
||||
<label for="username-preview">Username:</label>
|
||||
<label for="preview-input">Username:</label>
|
||||
<input id="preview-input" type="text" name="username" val=""/>
|
||||
<div class="listingblock">
|
||||
<div class="content">
|
||||
|
||||
@ -53,4 +53,11 @@ SqlStringInjectionHint9-3=Make use of DML to change your salary.
|
||||
SqlStringInjectionHint9-4=Make sure that the resulting query is syntactically correct.
|
||||
SqlStringInjectionHint9-5=How about something like '; UPDATE employees....
|
||||
|
||||
sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.
|
||||
sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.
|
||||
|
||||
SqlStringInjectionHint10-1=Use the techniques that you have learned before.
|
||||
SqlStringInjectionHint10-2=The application takes your input and filters for entries that are LIKE it.
|
||||
SqlStringInjectionHint10-3=Try query chaining to reach the goal.
|
||||
SqlStringInjectionHint10-4=The DDL allows you to delete (DROP) database tables.
|
||||
SqlStringInjectionHint10-5=The underlying sql query looks like that: "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'".
|
||||
SqlStringInjectionHint10-6=Remember that you can use the -- metacharacter to comment out the rest of the line.
|
||||
@ -1,7 +1,7 @@
|
||||
== Compromising Integrity with Query Chaining
|
||||
After compromising the confidentiality of data in the previous lesson, this time we are gonna compromise the integrity of data by using a SQL query chaining.
|
||||
|
||||
== What is SQL query chaining?
|
||||
=== What is SQL query chaining?
|
||||
Query chaining is exactly what it sounds like. When query chaining, you try to append one or more queries to the end of the actual query.
|
||||
You can do this by using the *;* metacharacter which marks the end of a query and that way allows to start another one right after it within the same line.
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
This lesson describes what is Structured Query Language (SQL) and how it can be manipulated to perform tasks that were not the original intent of the developer.
|
||||
|
||||
== Goals
|
||||
=== Goals
|
||||
|
||||
* The user will have a basic understanding of how SQL works and what it is used for
|
||||
* The user will have a basic understanding of what SQL-Injections are and how they work
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user