dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update database layout so that proposed solution works

Browse Source
This commit is contained in:
Matthias Grundmann 2018-06-12 17:36:44 +02:00
parent 268adbcf7e
commit 56fc983414
No known key found for this signature in database
GPG Key ID: CF3BB4CEC9904593
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
webgoat-container/src/main/java/org/owasp/webgoat/session/CreateDB.java
View File

@ -232,7 +232,7 @@ public class CreateDB {
// Create the new table // Create the new table
try { try {
String createTableStatement = "CREATE TABLE user_system_data (" + "userid varchar(5) not null primary key," String createTableStatement = "CREATE TABLE user_system_data (" + "userid int not null primary key,"
+ "user_name varchar(12)," + "password varchar(10)," + "cookie varchar(30)" + ")"; + "user_name varchar(12)," + "password varchar(10)," + "cookie varchar(30)" + ")";
statement.executeUpdate(createTableStatement); statement.executeUpdate(createTableStatement);
} catch (SQLException e) { } catch (SQLException e) {
@ -240,11 +240,11 @@ public class CreateDB {
} }
// Populate // Populate
String insertData1 = "INSERT INTO user_system_data VALUES ('101','jsnow','passwd1', '')"; String insertData1 = "INSERT INTO user_system_data VALUES (101,'jsnow','passwd1', '')";
String insertData2 = "INSERT INTO user_system_data VALUES ('102','jdoe','passwd2', '')"; String insertData2 = "INSERT INTO user_system_data VALUES (102,'jdoe','passwd2', '')";
String insertData3 = "INSERT INTO user_system_data VALUES ('103','jplane','passwd3', '')"; String insertData3 = "INSERT INTO user_system_data VALUES (103,'jplane','passwd3', '')";
String insertData4 = "INSERT INTO user_system_data VALUES ('104','jeff','jeff', '')"; String insertData4 = "INSERT INTO user_system_data VALUES (104,'jeff','jeff', '')";
String insertData5 = "INSERT INTO user_system_data VALUES ('105','dave','dave', '')"; String insertData5 = "INSERT INTO user_system_data VALUES (105,'dave','passW0rD', '')";
statement.executeUpdate(insertData1); statement.executeUpdate(insertData1);
statement.executeUpdate(insertData2); statement.executeUpdate(insertData2);
statement.executeUpdate(insertData3); statement.executeUpdate(insertData3);

2
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6a.adoc
View File

@ -3,7 +3,7 @@
Lets try to exploit a join to another table. One of the tables in the WebGoat database is: Lets try to exploit a join to another table. One of the tables in the WebGoat database is:
------------------------------------------------------- -------------------------------------------------------
CREATE TABLE user_system_data (userid varchar(5) not null primary key, CREATE TABLE user_system_data (userid int not null primary key,
user_name varchar(12), user_name varchar(12),
password varchar(10), password varchar(10),
cookie varchar(30)); cookie varchar(30));