dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed wrong Hint in SqlInjection Assignment 5a/b

Browse Source
This commit is contained in:
Tobias-Melzer 2018-12-17 00:29:02 +01:00 committed by Nanne Baars
parent 0588daff9d
commit 4878ea637e
5 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java
View File

@ -46,7 +46,7 @@ import java.sql.*;
* @created October 28, 2003
*/
@AssignmentPath("/SqlInjection/attack5")
@AssignmentHints(value = {"SqlStringInjectionHint5-1"})
@AssignmentHints(value = {"SqlStringInjectionHint5-a"})
public class SqlInjectionLesson5 extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)

2
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5a.java
View File

@ -44,7 +44,7 @@ import java.sql.*;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@AssignmentPath("/SqlInjection/attack5a")
@AssignmentPath("/SqlInjection/assignment5a")
public class SqlInjectionLesson5a extends AssignmentEndpoint {
@RequestMapping(method = RequestMethod.POST)

2
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5b.java
View File

@ -46,7 +46,7 @@ import java.sql.*;
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
@AssignmentPath("/SqlInjection/attack5b")
@AssignmentPath("/SqlInjection/assignment5b")
@AssignmentHints(value = {"SqlStringInjectionHint5b1", "SqlStringInjectionHint5b2", "SqlStringInjectionHint5b3", "SqlStringInjectionHint5b4"})
public class SqlInjectionLesson5b extends AssignmentEndpoint {

4
webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html
View File

@ -147,7 +147,7 @@
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack5a"
action="/WebGoat/SqlInjection/assignment5a"
enctype="application/json;charset=UTF-8">
<table>
<tr>
@ -191,7 +191,7 @@
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack5b"
action="/WebGoat/SqlInjection/assignment5b"
enctype="application/json;charset=UTF-8">
<table>
<tr>

4
webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -22,7 +22,7 @@ SqlStringInjectionHint4-1=ALTER TABLE alters the structure of an existing databa
SqlStringInjectionHint4-2=Don't forget the data type of the new column (e.g. varchar(size) or int(size))
SqlStringInjectionHint4-3=ALTER TABLE tablename ADD columnname data type(size);
SqlStringInjectionHint5-1=Look at the example. There's everything you'll need.
SqlStringInjectionHint5-a=Look at the example. There's everything you'll need.
sql-injection.5a.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.5a.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
@ -30,7 +30,7 @@ sql-injection.5b.success=<span class='feedback-positive'>You have succeed: {0}</
sql-injection.5b.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack.
SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. Th Output should tell you if this field is injectable.
SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. The Output should tell you if this field is injectable.
SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection.
SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.