* Hints added

* Solutions added
* Bugfixes
* Introduction added (including how to start with webgoat and useful tools)
* New lesson: Password strength
* New lessons: Multi Level Login
* Not yet working new lesson: Session fixation (inital release)

git-svn-id: http://webgoat.googlecode.com/svn/trunk/webgoat@301 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
wirth.marcel
2008-04-07 14:28:38 +00:00
parent 84f01ba70a
commit 5d930ec235
137 changed files with 4230 additions and 479 deletions

View File

@ -616,38 +616,11 @@ style='font-family:"Arial","sans-serif"'>Solution:<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif";mso-no-proof:
yes'><!--[if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600"
o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f"
stroked="f">
<v:stroke joinstyle="miter"/>
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0"/>
<v:f eqn="sum @0 1 0"/>
<v:f eqn="sum 0 0 @1"/>
<v:f eqn="prod @2 1 2"/>
<v:f eqn="prod @3 21600 pixelWidth"/>
<v:f eqn="prod @3 21600 pixelHeight"/>
<v:f eqn="sum @0 0 1"/>
<v:f eqn="prod @6 1 2"/>
<v:f eqn="prod @7 21600 pixelWidth"/>
<v:f eqn="sum @8 21600 0"/>
<v:f eqn="prod @7 21600 pixelHeight"/>
<v:f eqn="sum @10 21600 0"/>
</v:formulas>
<v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
<o:lock v:ext="edit" aspectratio="t"/>
</v:shapetype><v:shape id="Picture_x0020_1509" o:spid="_x0000_i1027" type="#_x0000_t75"
style='width:480pt;height:276.75pt;visibility:visible;mso-wrap-style:square'>
<v:imagedata src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image001.png" o:title=""/>
</v:shape><![endif]--><![if !vml]><img width=640 height=369
src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image002.jpg" v:shapes="Picture_x0020_1509"><![endif]></span><span
style='font-family:"Arial","sans-serif"'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>The
application is taking your input and inserting it at the end of a pre-formed
application is taking the input from the select box and inserts it at the end of a pre-formed
SQL command.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Compound SQL
@ -657,46 +630,40 @@ Try appending a SQL statement that always resolves to true.<o:p></o:p></span></p
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>This is the
query: SELECT * FROM user_data WHERE userid = 101<o:p></o:p></span></p>
query: SELECT * FROM weather_data WHERE station = 101<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>What happens
if you insert 101 or 1=1?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Intercept the post request with WebScarab and replace 101 with 101 or 1=1!<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<center>
<img src = "/WebGoat/lesson_solutions/SqlNumericInjection_files/numericinjection.png" width=350px>
<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1510"
o:spid="_x0000_i1026" type="#_x0000_t75" style='width:480pt;height:276.75pt;
visibility:visible;mso-wrap-style:square'>
<v:imagedata src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image003.png" o:title=""/>
</v:shape><![endif]--><![if !vml]><img width=640 height=369
src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image004.jpg" v:shapes="Picture_x0020_1510"><![endif]></span></p>
<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
field-begin'></span><span style='mso-spacerun:yes'><3E></span>SEQ Figure \* ARABIC
<span style='mso-element:field-separator'></span><![endif]--><span
style='mso-no-proof:yes'>1</span><!--[if supportFields]><span style='mso-element:
field-end'></span><![endif]--> Numeric SQL Injection<span style='font-family:
field-end'></span><![endif]--> Intercepted Request with WebScarab<span style='font-family:
"Arial","sans-serif"'><o:p></o:p></span></p>
</center>
<br/>
<br/>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>As the SQL Statement is true for every station you get
a list of all stations:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p>&nbsp;</o:p></span></p>
<center>
<img src = "/WebGoat/lesson_solutions/SqlNumericInjection_files/numericinjection_solved.png" width=350px>
<p class=MsoNormal style='page-break-after:avoid'><span style='font-family:
"Arial","sans-serif";mso-no-proof:yes'><!--[if gte vml 1]><v:shape id="Picture_x0020_1511"
o:spid="_x0000_i1025" type="#_x0000_t75" style='width:480pt;height:276.75pt;
visibility:visible;mso-wrap-style:square'>
<v:imagedata src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image005.png" o:title=""/>
</v:shape><![endif]--><![if !vml]><img width=640 height=369
src="/WebGoat/lesson_solutions/SqlNumericInjection_files/image006.jpg" v:shapes="Picture_x0020_1511"><![endif]></span></p>
<p class=MsoCaption>Figure <!--[if supportFields]><span style='mso-element:
field-begin'></span><span style='mso-spacerun:yes'><3E></span>SEQ Figure \* ARABIC
<span style='mso-element:field-separator'></span><![endif]--><span
style='mso-no-proof:yes'>2</span><!--[if supportFields]><span style='mso-element:
field-end'></span><![endif]--> Lesson 17 Completed<span style='font-family:
field-end'></span><![endif]--> All stations are visible<span style='font-family:
"Arial","sans-serif"'><o:p></o:p></span></p>
</center>
<p class=MsoNormal><o:p>&nbsp;</o:p></p>