Added more hints

Benedikt - Desktop 2018-11-06 11:21:25 +01:00 committed by Nanne Baars
parent 6fe7582dfb
commit 26e3803de0
8 changed files with 24 additions and 8 deletions


@ -14,6 +14,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
import java.sql.*;
@AssignmentPath("/SqlInjection/attack10")
@AssignmentHints(value = {"SqlStringInjectionHint10-1", "SqlStringInjectionHint10-2", "SqlStringInjectionHint10-3", "SqlStringInjectionHint10-4", "SqlStringInjectionHint10-5", "SqlStringInjectionHint10-6"})
public class SqlInjectionLesson10 extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)


@ -78,6 +78,7 @@ public class SqlInjectionLesson8 extends AssignmentEndpoint {
while (results.next()) {
t.append("<tr>");
for (int i = 1; i < (numColumns + 1); i++) {
System.out.println(results.getString(i));
t.append("<td>" + results.getString(i) + "</td>");
}
t.append("</tr>");
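Review bot: The `System.out.println(results.getString(i));` inside the column loop, which appears to be the one line this hunk adds, looks like leftover debug output and writes every cell of every returned row to stdout. For a result set of employee records, that puts the full table contents into the server console or log on each request. I would drop the line, or route it through the project's logger at debug level if the trace is still wanted. On the next line the same value is appended between `<td>` tags without HTML-escaping, so any markup stored in a column reaches the page as-is. The enclosing method starts and ends outside the hunk.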


@ -48,7 +48,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
} catch (Exception e) {
System.err.println(e.getMessage());
return trackProgress(failed().output(this.getClass().getName() + " : " + e.getMessage()).build());
return trackProgress(failed().output("<br><span style='color: red;'>" + this.getClass().getName() + " : " + e.getMessage() + "</span>").build());
}
}
@ -59,11 +59,10 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
ResultSet results = statement.executeQuery(query);
results.first();
System.out.println(results.getString(2));
System.out.println(results.getString(3));
// user completes lesson if John Smith is the first in the list
if ((results.getString(2).equals("John")) && (results.getString(3).equals("Smith"))) {
output.append(SqlInjectionLesson8.generateTable(results, results.getMetaData()));
return trackProgress(success().feedback("sql-injection.9.success").feedbackArgs(output.toString()).build());
} else {
return trackProgress(failed().output(output.toString()).build());
@ -71,7 +70,7 @@ public class SqlInjectionLesson9 extends AssignmentEndpoint {
} catch (SQLException e) {
System.err.println(e.getMessage());
return trackProgress(failed().output(e.getMessage()).build());
return trackProgress(failed().output("<br><span style='color: red;'>" + e.getMessage() + "</span>").build());
}
}
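Review bot: `e.getMessage()` is concatenated into the new `<span style='color: red;'>` markup without HTML-escaping, in both the `catch (Exception e)` branch of the first hunk and the `catch (SQLException e)` branch of the third. Database error messages often echo part of the offending statement, which in this lesson is built from request input. Since the output is now evidently treated as HTML, markup in that input could be rendered in the feedback area instead of shown as text. Escape the message before wrapping it, e.g. `"<br><span style='color: red;'>" + HtmlUtils.htmlEscape(e.getMessage()) + "</span>"`, using `org.springframework.web.util.HtmlUtils`. As a style point, the inline colour could become a class in the stylesheet this commit adds. The enclosing methods begin outside the hunks.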


@ -0,0 +1,7 @@
.attack-feedback {
color: green;
}
.attack-feedback table {
color: black;
}


@ -1,6 +1,7 @@
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_plan.adoc"></div>
@ -25,7 +26,7 @@
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content5_before.adoc"></div>
<div>
<label for="username-preview">Username:</label>
<label for="preview-input">Username:</label>
<input id="preview-input" type="text" name="username" val=""/>
<div class="listingblock">
<div class="content">


@ -54,3 +54,10 @@ SqlStringInjectionHint9-4=Make sure that the resulting query is syntactically co
SqlStringInjectionHint9-5=How about something like '; UPDATE employees....
sql-injection.10.success=Success! You successfully deleted the access_log table and that way compromised the availability of the data.
SqlStringInjectionHint10-1=Use the techniques that you have learned before.
SqlStringInjectionHint10-2=The application takes your input and filters for entries that are LIKE it.
SqlStringInjectionHint10-3=Try query chaining to reach the goal.
SqlStringInjectionHint10-4=The DDL allows you to delete (DROP) database tables.
SqlStringInjectionHint10-5=The underlying sql query looks like that: "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'".
SqlStringInjectionHint10-6=Remember that you can use the -- metacharacter to comment out the rest of the line.


@ -1,7 +1,7 @@
== Compromising Integrity with Query Chaining
After compromising the confidentiality of data in the previous lesson, this time we are gonna compromise the integrity of data by using a SQL query chaining.
== What is SQL query chaining?
=== What is SQL query chaining?
Query chaining is exactly what it sounds like. When query chaining, you try to append one or more queries to the end of the actual query.
You can do this by using the *;* metacharacter which marks the end of a query and that way allows to start another one right after it within the same line.


@ -2,7 +2,7 @@
This lesson describes what is Structured Query Language (SQL) and how it can be manipulated to perform tasks that were not the original intent of the developer.
== Goals
=== Goals
* The user will have a basic understanding of how SQL works and what it is used for
* The user will have a basic understanding of what SQL-Injections are and how they work