From 3d8a345264113d3324c9097226b38d9869d8a4ab Mon Sep 17 00:00:00 2001
From: nbaars
Date: Wed, 7 Jan 2015 17:34:33 +0100
Subject: [PATCH] Added the resource bundles in the already present WebGoatLabels.properties temporary workaround
---
 .../org/owasp/webgoat/util/LabelProvider.java | 7 ++++++-
 src/main/resources/WebGoatLabels.properties | 14 ++++++++++++++
 .../plugin_lessons/SqlStringInjection-1.0.jar | Bin 437697 -> 437423 bytes
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/src/main/java/org/owasp/webgoat/util/LabelProvider.java b/src/main/java/org/owasp/webgoat/util/LabelProvider.java
index ad6ffe4ff..8126c9eb0 100644
--- a/src/main/java/org/owasp/webgoat/util/LabelProvider.java
+++ b/src/main/java/org/owasp/webgoat/util/LabelProvider.java
@@ -1,10 +1,11 @@
 package org.owasp.webgoat.util;
+import org.springframework.stereotype.Component;
+
 import java.util.HashMap;
 import java.util.Locale;
 import java.util.ResourceBundle;
-import org.springframework.stereotype.Component;
 /***************************************************************************************************
@@ -52,6 +53,10 @@ public class LabelProvider
 return labels.get(locale).getString(strName);
 }
+ public void addLabels() {
+
+ }
+
 private class WebGoatResourceBundleController extends ResourceBundle.Control {
 private final Locale fallbackLocale = new Locale(DEFAULT_LANGUAGE);
diff --git a/src/main/resources/WebGoatLabels.properties b/src/main/resources/WebGoatLabels.properties
index 21e1a6125..3d9db4fda 100644
--- a/src/main/resources/WebGoatLabels.properties
+++ b/src/main/resources/WebGoatLabels.properties
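Review bot: The new `addLabels()` in the second hunk is an empty public method with no Javadoc, and nothing in the hunk calls it, so it reads as an unfinished API surface rather than a deliberate placeholder — more so on a class that imports `@Component` and is presumably wired as a Spring bean. The commit message calls the change a temporary workaround; say that where the method lives, e.g. `/** TODO: load lesson labels from the plugin bundles; until then they are merged into WebGoatLabels.properties. */`, or leave the method out until it has a body. The enclosing class LabelProvider begins and ends outside this hunk.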
@@ -4,4 +4,18 @@ RestartLesson=Restart this Lesson
 SolutionVideos=Solution Videos
 ErrorGenerating=Error generating
 InvalidData=Invalid Data
+Go!=Go!
+
+
+#StringSqlInjection.java
+StringSqlInjectionSecondStage=Now that you have successfully performed an SQL injection, try the same type of attack on a parameterized query. Restart the lesson if you wish to return to the injectable query.
+EnterLastName=Enter your last name:
+NoResultsMatched=No results matched. Try Again.
+SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.
+SqlStringInjectionHint2=This is the code for the query being built and issued by WebGoat:

"SELECT * FROM user_data WHERE last_name = "accountName"
+SqlStringInjectionHint3=Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. Try appending a SQL statement that always resolves to true
+SqlStringInjectionHint4=Try entering [ smith' OR '1' = '1 ].
+
+
+
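Review bot: The query quoted in `SqlStringInjectionHint2`, `"SELECT * FROM user_data WHERE last_name = "accountName"`, puts accountName inside double quotes with no concatenation, which does not match the payload given in `SqlStringInjectionHint4` (`smith' OR '1' = '1`) — that payload only closes the literal if the value is wrapped in single quotes and spliced into the SQL string. Since these hints are what the learner reads to understand why the injection works, the quoted query should mirror the concatenation, e.g. `"SELECT * FROM user_data WHERE last_name = '" + accountName + "'"`. The Hint2 value appears to run across several lines in this view, so some markup between the sentence and the query may have been lost here; the quoting mismatch is visible regardless.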
diff --git a/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar b/src/main/webapp/plugin_lessons/SqlStringInjection-1.0.jar index a934e3f78bea159c5a95f8727a5424fff0c401c1..698175bb830752e2d6b6ca654417a79e04a168c6 100644 GIT binary patch delta 2096 zcmZuy3p7+)7(R1mW)mhRQjMbVh&z`kk1n}FOr9Z+25C{cArZI4o$^SN^deJjk21-O z7$FI*OGVFHx2DIWhh9^WN=mDjsN8e5N8Ro{Yn}Cd``_RH@4e6Y|9`jMW!2naF?>C# zG!=||^0SS1G7PDZ0IR(SnaYztOqnIP)QGP|3PjN@sLGc>KIU392%)bRBojNFU zG!obRV7!KVBM&y!7vXAZG(rVc4i951?k{v=T0_$^z)D-` z@0}xeR6AaCbg=d1GN%{kr|e#=9UUA^-`YM$5qa<2%gAZl_62p`TI%CWX)SSoQ7aOO z9>(G#%s@|`)uiO%(HY0*Q;Q;+q8qLl=4m#&cpYB8{atEZTtn|qA}7mcU)zrBr{}94 zGfXK zJ&77oTpM5R=y2&hZqq0Xe;BA=Wxq`8 z*6yz2_FBjL+uOXK9P+wd7W-u_|E+Ch>lsxZt0}6EXEU9DBeKhYBM|6?j^kc9DL*F#c3p{qj@jh5dtt&GdkTz4lhi5o+?uC04iI=Q+m z{dH-FR-s6rO)?ynM~G-)ft?Cq8gV^vSKNPG92@ka{_2{h*t6t8&hyv?rk{ z9}nKYpSdQG;o7v&#?7HfO?IMBVO&=C_7UEu6|-cI#enmr(-OPYkGq~GG|UXUAQjx- zHbeT0`z_hL0rlMak6T)1x-{R8nHKI@?J}-ES?Sor_YEHg+TIsFeIyF)*Bq$}WsJv6qxaf9w1yWwV6!k zOeQ;v$)+?i*?75#G-Nfm;KWO9Y;K{wJA+(b3zR2#MqyYxpL7jvoV1A^5=CkolU~v5 zvJo>)20E&Ud1L}324ac1Aae|r=m@Z{0B{g7Dg<*8Sy2drsB1SEH=Zd3w{T5D#NE5e z+LTZ1a0BrYr-2bwz$0z^HYb%+78=-V!RLsQkGWd)zR%oUILT5)%H3+VByz=(hCcq2 zg#3t$Khw9EShe;FX2)p-_&HcUut=|Hy}7-r@bnlNR0=q!8(8b-RXle^y`Ny~=isJ_ z&SzGy^Mj7d6%$>}ca7`P;l44SY&7o+|G81W;!g{?$=8}RUr!3Iszn{`YcQi2Sdj;V z$BMxmMEZ+?B_b9gV28*`(ePA_2%!E12Sp$lO@;0Ui$;hJY}*fM3x0&5Q0d}2vL&^ zTcRc4cl3itI~fhWkbtPE#2NpSTf|R6k2phpf^a8p2_re&H#?$&P|yk;CpJh%<7g46F5^>=j)}I95*^UN|`H_AOH}EaYEqa@|ok zhjM`0JPa=6Izhx63vZMICYwBky>aHcv@KT&8N{0iaONjt#YXK3!2lhw-3x!pwB=*PI z0C!XZ8<>*`=;~x%4W$*TVwgZG7UYl$E~*V8nI<_64&KfOn73UOhyM9*x(?&0M0lBY*4(IL&O4}$iRVL3V|l<6#*4}WsIml?q6oBS$`0> y7!EMZc{Bw1lf>UVSf<}^`hSXb)KQ#~x|duTEi?hX+6Po%Wfjl>;roaMuzvuW90;ZW delta 2353 zcmZWr2~<(6e`sQgs{}I8SG7f zAiD$*WNWIgg&+bsSQnrzB0RtrLF6HNipLTW-p#O8U(T8Q-~9hK-^|=Q|39~GK)r2H zU4iLFB*`PvpLaGTN5O!21UEJX#Q980PMRJ4SF{woaQ) 
zMOdr}N(YS*oHj+D|HRpY9)u%wiA-qE5ksLJC2B*9k_@3WCGCLLk7P^4SI4Jw-w8zi99P&{F(Ujpt${J(Cr9h$as(kqpYnOtA2zg7>tqM;zkJne<(KlS5xUn)~{p!@=Prtv~!H>(_V9DjF8= z&SZR$&^m6`8KzzfuG8!9<X4i%oCxydNbz%R^kW2_OUQ(yU*ADn@kCsGkZ0O!B_Eg)f?@Q+1 z4U~LeL5Qw-%d-(CchfvsBeN`t!H8a~VZLyJt1!FG$MrXk4}E_WSxsikJ~1ijz%mGcnjUn){8xz;`a@L3@m1 zCzUiG>oE`gu`lR}mF}biaV+ss!NeP7M8K&fwM9M9p;AG;e}XfMo8UShGq0L+EwsRk zIbxDwl0XJ3j+)ETwhNA({4nwQ_rj$Mmv7YEk`Jd<(l z&n-|B+#BKrlOq26ipwg?4m}ao)!Wr=Jev_R)j+x8$3p8TXOGhr&2qUWdch#=aCm(l zQ=t1rRkc7_CpuW(D)+mmHMGoq)9y9Cl3VYuW-F)%6mc6yiIQR^f0F~hY_FW0sX3dM zyd}PSPASC2dLY4=l0x6|oW`PFYC0w6p7FTJP`@dTn9Ym9L+g~oZwyP3pwD6&{ebb3a~4Iyt$!SS>hY9ZmnkqBK7X>+@s*6;!ikchjd`;z z_l?X*J{4c)hQ~~JHNQF0xNWh1!-mE8?Go9Qg0YT-NRxY;O7l{-{-WNol)nX2V4r^7q6Gwz3&}OStUl%;zceyX%ci zJQk0}(-SXsMdlgIzum}mBcNM|c*O=wB^!(60~_g1unInKl9o&C1s_;Lpj8NVLEvAw z9O4%OSbDMPLU0s@=-0uq6`+B&UkB8+o?g*%FQf<@hwjcI5CnlqF}MIhc`<<30@hy) zY@ugk34j*_cBlmGhtCl!0q$^#<0Zfc0_RfT2LXQtNLGMP8Hj;3eXU4iPs+e)9ej^8 zNmvWf125dxc;TkQTWjgBEKyIDlY?4w0#sD7mNGzw;&;k{2KrP3^QZuHOs4`ULXD>n zyL|5A!*&r6B={qZ5-lk;8nQabbL0v=}Cv7t3bYpoc#tnQbk}iy3 zi^(#wRy)n3B0gVzTgW=;;ifqnC0%6QLy_(g^b^%O5z5&~w8LgvQA6xd<+5x*CD0&N zuw_<4I##ykVNw4ls~@XSyEh#{Z1O){Z0M`Cv6!C#D8dI5A;4v|zXVV=Fb)`DlLA22 z#j}8RiCR|ELq-q>O}u@y?>$KXi_8MHm|NAdOkfo*b1ECU9o9}JK1!NT_~}#Ix41aP z1IWSshp9X044OswiCFlFuzZG>n6$r5gBY)NHX)0Ps(Aow;{g+lUcJ1&)i4fruXd!| zfF-UYHe3kgW!52h;$m&p_zHzf0hb+re;cdGjB8xR+sCIVhY#m<#