Restructured the baseline to remove extra src/main directory structure. Added eclipes project file
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64@gmail.com
@ -0,0 +1,51 @@
|
||||
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||||
<title>Solution Lab SQL Injection Stage4</title>
|
||||
<link rel="stylesheet" type="text/css"
|
||||
href="lesson_solutions/formate.css">
|
||||
</head>
|
||||
<body>
|
||||
<p><b>Lesson Plan Title:</b> How to Perform a SQLInjection</p>
|
||||
|
||||
<p><b>Concept / Topic To Teach:</b><br />
|
||||
SQL injection attacks represent a serious threat to any database-driven
|
||||
site. The methods behind an attack are easy to learn and the damage
|
||||
caused can range from considerable to complete system compromise.
|
||||
Despite these risks, an incredible number of systems on the internet are
|
||||
susceptible to this form of attack.</p>
|
||||
|
||||
<p>Not only is it a threat easily instigated, it is also a threat
|
||||
that, with a little common-sense and forethought, can easily be
|
||||
prevented.</p>
|
||||
|
||||
<p>It is always good practice to sanitize all input data, especially
|
||||
data that will used in OS command, scripts, and database queiries, even
|
||||
if the threat of SQL injection has been prevented in some other manner.
|
||||
</p>
|
||||
|
||||
<p><b>General Goal(s):</b><br />
|
||||
For this exercise, you will perform SQLInjection attacks. You will also
|
||||
implement code changes in the web application to defeat these attacks.</p>
|
||||
|
||||
<b>Solution:</b><br />
|
||||
The solution is simular to Stage2. That is why here is only a short solution.<br/>
|
||||
You have to alter the class org.owasp.webgoat.lessons.SQLInjection.ViewProfile.java<br/>
|
||||
Alter the method getEmployeeProfile to something like this:
|
||||
<pre><code>
|
||||
String query = "SELECT employee.* "
|
||||
+ "FROM employee,ownership WHERE employee.userid = ownership.employee_id and "
|
||||
+ "ownership.employer_id = ? and ownership.employee_id = ?";
|
||||
try
|
||||
{
|
||||
Connection connection = WebSession.getConnections(s);
|
||||
PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
|
||||
statement.setString(1, userId);
|
||||
statement.setString(2, subjectUserId);
|
||||
ResultSet answer_results = statement.executeQuery();
|
||||
etc...
|
||||
</code></pre>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
Reference in New Issue
Block a user