dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix lesson it no marks it as solved if the user uses a different username

Browse Source
This commit is contained in:
Nanne Baars 2021-03-29 11:02:50 +02:00 committed by Nanne Baars
parent f7d3fd586e
commit 59c96f9890
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallengeLogin.java
View File

@ -48,14 +48,14 @@ public class SqlInjectionChallengeLogin extends AssignmentEndpoint {
@ResponseBody @ResponseBody
public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception { public AttackResult login(@RequestParam String username_login, @RequestParam String password_login) throws Exception {
try (var connection = dataSource.getConnection()) { try (var connection = dataSource.getConnection()) {
PreparedStatement statement = connection.prepareStatement("select password from sql_challenge_users where userid = ? and password = ?"); var statement = connection.prepareStatement("select password from sql_challenge_users where userid = ? and password = ?");
statement.setString(1, username_login); statement.setString(1, username_login);
statement.setString(2, password_login); statement.setString(2, password_login);
ResultSet resultSet = statement.executeQuery(); var resultSet = statement.executeQuery();
if (resultSet.next()) { if (resultSet.next()) {
return ("tom".equals(username_login)) ? success(this).build() return ("tom".equals(username_login)) ? success(this).build()
: success(this).feedback("ResultsButNotTom").build(); : failed(this).feedback("ResultsButNotTom").build();
} else { } else {
return failed(this).feedback("NoResultsMatched").build(); return failed(this).feedback("NoResultsMatched").build();
} }