Added more hints
					committed by
					
						 Nanne Baars
						Nanne Baars
					
				
			
			
				
	
			
			
			
						parent
						
							6fe7582dfb
						
					
				
				
					commit
					26e3803de0
				
			| @ -14,6 +14,7 @@ import org.springframework.web.bind.annotation.ResponseBody; | ||||
| import java.sql.*; | ||||
|  | ||||
| @AssignmentPath("/SqlInjection/attack10") | ||||
| @AssignmentHints(value = {"SqlStringInjectionHint10-1", "SqlStringInjectionHint10-2", "SqlStringInjectionHint10-3", "SqlStringInjectionHint10-4", "SqlStringInjectionHint10-5", "SqlStringInjectionHint10-6"}) | ||||
| public class SqlInjectionLesson10 extends AssignmentEndpoint { | ||||
|  | ||||
|     @RequestMapping(method = RequestMethod.POST) | ||||
|  | ||||
| @ -78,6 +78,7 @@ public class SqlInjectionLesson8 extends AssignmentEndpoint { | ||||
|             while (results.next()) { | ||||
|                 t.append("<tr>"); | ||||
|                 for (int i = 1; i < (numColumns + 1); i++) { | ||||
|                     System.out.println(results.getString(i)); | ||||
|                     t.append("<td>" + results.getString(i) + "</td>"); | ||||
|                 } | ||||
|                 t.append("</tr>"); | ||||
|  | ||||
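Review bot: The `System.out.println(results.getString(i));` inside the column loop writes every cell of the result set to stdout, which looks like a leftover debug statement rather than intended output; given the hunk's one-line growth it is presumably the added line, and it also fetches each column twice per row since the next line calls `results.getString(i)` again. I would drop the println, or read the value once into a local (`String cell = results.getString(i);`) and append that, routing any diagnostic through the class's logger if one exists. The enclosing method starts and ends outside the hunk, so I cannot see whether the result set is closed on the way out.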
| @ -48,7 +48,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint { | ||||
|  | ||||
|         } catch (Exception e) { | ||||
|             System.err.println(e.getMessage()); | ||||
|             return trackProgress(failed().output(this.getClass().getName() + " : " + e.getMessage()).build()); | ||||
|             return trackProgress(failed().output("<br><span style='color: red;'>" + this.getClass().getName() + " : " + e.getMessage() + "</span>").build()); | ||||
|         } | ||||
|     } | ||||
|  | ||||
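Review bot: The new return concatenates `e.getMessage()` straight into an HTML `<span>`, and for a SQL-injection lesson the driver's message routinely echoes the submitted query text, so whatever the user typed ends up in the page markup unescaped; the same pattern is introduced in the second catch block of this file (the hunk at -71,7). Escape the message before embedding it, e.g. `"<br><span style='color: red;'>" + HtmlUtils.htmlEscape(e.getMessage()) + "</span>"`, and since the identical wrapper now appears twice a small private helper such as `private static String errorHtml(String message)` would keep the two catch blocks in step. The `System.err.println(e.getMessage())` above it discards the stack trace; if the class has a logger, `log.error(..., e)` preserves it. The enclosing method starts outside the hunk.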
| @ -59,11 +59,10 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint { | ||||
|             ResultSet results = statement.executeQuery(query); | ||||
|  | ||||
|             results.first(); | ||||
|             System.out.println(results.getString(2)); | ||||
|             System.out.println(results.getString(3)); | ||||
|  | ||||
|             // user completes lesson if John Smith is the first in the list | ||||
|             if ((results.getString(2).equals("John")) && (results.getString(3).equals("Smith"))) { | ||||
|                 output.append(SqlInjectionLesson8.generateTable(results, results.getMetaData())); | ||||
|                 return trackProgress(success().feedback("sql-injection.9.success").feedbackArgs(output.toString()).build()); | ||||
|             } else { | ||||
|                 return trackProgress(failed().output(output.toString()).build()); | ||||
| @ -71,7 +70,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint { | ||||
|  | ||||
|         } catch (SQLException e) { | ||||
|             System.err.println(e.getMessage()); | ||||
|             return trackProgress(failed().output(e.getMessage()).build()); | ||||
|             return trackProgress(failed().output("<br><span style='color: red;'>" + e.getMessage() + "</span>").build()); | ||||
|         } | ||||
|     } | ||||
|  | ||||
|  | ||||
| @ -0,0 +1,7 @@ | ||||
| .attack-feedback { | ||||
|     color: green; | ||||
| } | ||||
|  | ||||
| .attack-feedback table { | ||||
|     color: black; | ||||
| } | ||||
| @ -1,6 +1,7 @@ | ||||
| <!DOCTYPE html> | ||||
|  | ||||
| <html xmlns:th="http://www.thymeleaf.org"> | ||||
| <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/> | ||||
|  | ||||
| <div class="lesson-page-wrapper"> | ||||
|     <div class="adoc-content" th:replace="doc:SqlInjection_introduction_plan.adoc"></div> | ||||
| @ -25,7 +26,7 @@ | ||||
| <div class="lesson-page-wrapper"> | ||||
|     <div class="adoc-content" th:replace="doc:SqlInjection_introduction_content5_before.adoc"></div> | ||||
|     <div> | ||||
|         <label for="username-preview">Username:</label> | ||||
|         <label for="preview-input">Username:</label> | ||||
|         <input id="preview-input" type="text" name="username" val=""/> | ||||
|         <div class="listingblock"> | ||||
|             <div class="content"> | ||||
|  | ||||
| @ -54,3 +54,10 @@ SqlStringInjectionHint9-4=Make sure that the resulting query is syntactically co | ||||
| SqlStringInjectionHint9-5=How about something like '; UPDATE employees.... | ||||
|  | ||||
| sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data. | ||||
|  | ||||
| SqlStringInjectionHint10-1=Use the techniques that you have learned before. | ||||
| SqlStringInjectionHint10-2=The application takes your input and filters for entries that are LIKE it. | ||||
| SqlStringInjectionHint10-3=Try query chaining to reach the goal. | ||||
| SqlStringInjectionHint10-4=The DDL allows you to delete (DROP) database tables. | ||||
| SqlStringInjectionHint10-5=The underlying sql query looks like that: "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'". | ||||
| SqlStringInjectionHint10-6=Remember that you can use the -- metacharacter to comment out the rest of the line. | ||||
| @ -1,7 +1,7 @@ | ||||
| == Compromising Integrity with Query Chaining | ||||
| After compromising the confidentiality of data in the previous lesson, this time we are gonna compromise the integrity of data by using a SQL query chaining. | ||||
|  | ||||
| == What is SQL query chaining? | ||||
| === What is SQL query chaining? | ||||
| Query chaining is exactly what it sounds like. When query chaining, you try to append one or more queries to the end of the actual query. | ||||
| You can do this by using the *;* metacharacter which marks the end of a query and that way allows to start another one right after it within the same line. | ||||
|  | ||||
|  | ||||
| @ -2,7 +2,7 @@ | ||||
|  | ||||
| This lesson describes what is Structured Query Language (SQL) and how it can be manipulated to perform tasks that were not the original intent of the developer. | ||||
|  | ||||
| == Goals | ||||
| === Goals | ||||
|  | ||||
| * The user will have a basic understanding of how SQL works and what it is used for | ||||
| * The user will have a basic understanding of what SQL-Injections are and how they work | ||||
|  | ||||