From 4878ea637e4ab31ac722e4a2cb4342fff470312f Mon Sep 17 00:00:00 2001 From: Tobias-Melzer Date: Mon, 17 Dec 2018 00:29:02 +0100 Subject: [PATCH] Fixed wrong Hint in SqlInjection Assignment 5a/b --- .../webgoat/plugin/introduction/SqlInjectionLesson5.java | 2 +- .../webgoat/plugin/introduction/SqlInjectionLesson5a.java | 2 +- .../webgoat/plugin/introduction/SqlInjectionLesson5b.java | 2 +- .../sql-injection/src/main/resources/html/SqlInjection.html | 4 ++-- .../src/main/resources/i18n/WebGoatLabels.properties | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java index 6adbd7f4a..118a0641e 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5.java @@ -46,7 +46,7 @@ import java.sql.*; * @created October 28, 2003 */ @AssignmentPath("/SqlInjection/attack5") -@AssignmentHints(value = {"SqlStringInjectionHint5-1"}) +@AssignmentHints(value = {"SqlStringInjectionHint5-a"}) public class SqlInjectionLesson5 extends AssignmentEndpoint { @RequestMapping(method = RequestMethod.POST) diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5a.java index 68a11f38a..a8fbaa0e4 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5a.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5a.java @@ -44,7 +44,7 @@ import java.sql.*; * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -@AssignmentPath("/SqlInjection/attack5a") +@AssignmentPath("/SqlInjection/assignment5a") public class SqlInjectionLesson5a extends AssignmentEndpoint { @RequestMapping(method = RequestMethod.POST) diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5b.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5b.java index b0bececef..b24316510 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5b.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson5b.java @@ -46,7 +46,7 @@ import java.sql.*; * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -@AssignmentPath("/SqlInjection/attack5b") +@AssignmentPath("/SqlInjection/assignment5b") @AssignmentHints(value = {"SqlStringInjectionHint5b1", "SqlStringInjectionHint5b2", "SqlStringInjectionHint5b3", "SqlStringInjectionHint5b4"}) public class SqlInjectionLesson5b extends AssignmentEndpoint { diff --git a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html index 8d3b99daf..d589c03f5 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html +++ b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html @@ -147,7 +147,7 @@
@@ -191,7 +191,7 @@
diff --git a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties index 6a8262240..9f5d1045d 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties +++ b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties @@ -22,7 +22,7 @@ SqlStringInjectionHint4-1=ALTER TABLE alters the structure of an existing databa SqlStringInjectionHint4-2=Don't forget the data type of the new column (e.g. varchar(size) or int(size)) SqlStringInjectionHint4-3=ALTER TABLE tablename ADD columnname data type(size); -SqlStringInjectionHint5-1=Look at the example. There's everything you'll need. +SqlStringInjectionHint5-a=Look at the example. There's everything you'll need. sql-injection.5a.success= sql-injection.5a.no.results= @@ -30,7 +30,7 @@ sql-injection.5b.success= SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack. -SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. Th Output should tell you if this field is injectable. +SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. The Output should tell you if this field is injectable. SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection. SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.