implemented assignment 4, some other changes
This commit is contained in:
philippesteinbach
Nanne Baars
parent
7733ea0c85
commit
6b669df025
@ -68,8 +68,8 @@ public class SqlInjectionLesson2 extends AssignmentEndpoint {
|
||||
StringBuffer output = new StringBuffer();
|
||||
|
||||
results.first();
|
||||
output.append(results);
|
||||
// user completes lesson if department is "Marketing"
|
||||
// what if other employee with same dept is result?
|
||||
if (results.getString("department").equals("Marketing")) {
|
||||
output.append(SqlInjectionLesson8.generateTable(results));
|
||||
return trackProgress(success().feedback("sql-injection.2.success").output(output.toString()).build());
|
||||
|
||||
@ -67,12 +67,8 @@ public class SqlInjectionLesson3 extends AssignmentEndpoint {
|
||||
Statement check_statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
|
||||
ResultSet.CONCUR_READ_ONLY);
|
||||
statement.executeUpdate(_query);
|
||||
ResultSet _results = check_statement.executeQuery("SELECT department from employees where last_name='Barnett';");
|
||||
|
||||
ResultSet _results = check_statement.executeQuery("SELECT * FROM employees WHERE last_name='Barnett';");
|
||||
StringBuffer output = new StringBuffer();
|
||||
|
||||
_results.first();
|
||||
output.append(_results);
|
||||
// user completes lesson if the department of Tobi Barnett now is 'Sales'
|
||||
if (_results.getString("department").equals("Sales")) {
|
||||
output.append(SqlInjectionLesson8.generateTable(_results));
|
||||
|
||||
@ -1,5 +1,89 @@
|
||||
|
||||
package org.owasp.webgoat.plugin.introduction;
|
||||
|
||||
public class SqlInjectionLesson4 {
|
||||
import org.owasp.webgoat.assignments.AssignmentEndpoint;
|
||||
import org.owasp.webgoat.assignments.AssignmentHints;
|
||||
import org.owasp.webgoat.assignments.AssignmentPath;
|
||||
import org.owasp.webgoat.assignments.AttackResult;
|
||||
import org.owasp.webgoat.session.DatabaseUtilities;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.sql.*;
|
||||
|
||||
|
||||
/***************************************************************************************************
|
||||
*
|
||||
*
|
||||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
|
||||
* please see http://www.owasp.org/
|
||||
*
|
||||
* Copyright (c) 2002 - 20014 Bruce Mayhew
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it under the terms of the
|
||||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
|
||||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along with this program; if
|
||||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
* 02111-1307, USA.
|
||||
*
|
||||
* Getting Source ==============
|
||||
*
|
||||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
|
||||
* projects.
|
||||
*
|
||||
* For details, please see http://webgoat.github.io
|
||||
*
|
||||
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
|
||||
* @created October 28, 2003
|
||||
*/
|
||||
@AssignmentPath("/SqlInjection/attack4")
|
||||
@AssignmentHints(value = {"SqlStringInjectionHint4a1", "SqlStringInjectionHint4a2"})
|
||||
public class SqlInjectionLesson4 extends AssignmentEndpoint {
|
||||
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public
|
||||
@ResponseBody
|
||||
AttackResult completed(@RequestParam String query) {
|
||||
return injectableQuery(query);
|
||||
}
|
||||
|
||||
protected AttackResult injectableQuery(String _query) {
|
||||
try {
|
||||
Connection connection = DatabaseUtilities.getConnection(getWebSession());
|
||||
String query = _query;
|
||||
|
||||
try {
|
||||
Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
|
||||
ResultSet.CONCUR_READ_ONLY);
|
||||
Statement check_statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
|
||||
ResultSet.CONCUR_READ_ONLY);
|
||||
statement.executeUpdate(_query);
|
||||
ResultSet _results = check_statement.executeQuery("SELECT phone from employees;");
|
||||
ResultSetMetaData _resultMetaData = _results.getMetaData();
|
||||
StringBuffer output = new StringBuffer();
|
||||
// user completes lesson if column phone exists
|
||||
if (_results.first()) {
|
||||
output.append(SqlInjectionLesson8.generateTable(_results));
|
||||
return trackProgress(success().feedbackArgs(output.toString()).build());
|
||||
} else {
|
||||
return trackProgress(failed().output(output.toString()).build());
|
||||
}
|
||||
|
||||
} catch (SQLException sqle) {
|
||||
|
||||
return trackProgress(failed().output(sqle.getMessage()).build());
|
||||
}
|
||||
} catch (Exception e) {
|
||||
return trackProgress(failed().output(this.getClass().getName() + " : " + e.getMessage()).build());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -65,13 +65,13 @@
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/SqlInjection/attack"
|
||||
action="/WebGoat/SqlInjection/attack4"
|
||||
enctype="application/json;charset=UTF-8"
|
||||
autocomplete="off">
|
||||
<table>
|
||||
<tr>
|
||||
<td><label>SQL query</label></td>
|
||||
<td><input name="name" value="" type="TEXT" placeholder="SQL query"/></td>
|
||||
<td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><button type="SUBMIT">Submit</button></td>
|
||||
@ -90,13 +90,13 @@
|
||||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
|
||||
<form class="attack-form" accept-charset="UNKNOWN"
|
||||
method="POST" name="form"
|
||||
action="/WebGoat/SqlInjection/attack"
|
||||
action="/WebGoat/SqlInjection/attack5"
|
||||
enctype="application/json;charset=UTF-8"
|
||||
autocomplete="off">
|
||||
<table>
|
||||
<tr>
|
||||
<td><label>SQL query</label></td>
|
||||
<td><input name="name" value="" type="TEXT" placeholder="SQL query"/></td>
|
||||
<td><input name="query" value="" type="TEXT" placeholder="SQL query"/></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><button type="SUBMIT">Submit</button></td>
|
||||
|
||||
@ -11,15 +11,14 @@ If an attacker uses a SQL injection of the DDL type to manipulate your database,
|
||||
* DROP - delete objects from the database
|
||||
* Example:
|
||||
** CREATE TABLE Employees( +
|
||||
IdNum INT NOT NULL, +
|
||||
LName VARCHAR (20) NOT NULL, +
|
||||
FName VARCHAR (20) NOT NULL, +
|
||||
JobCode VARCHAR (3) NOT NULL, +
|
||||
Salary DECIMAL (18, 2), +
|
||||
Phone VARCHAR (20), +
|
||||
PRIMARY KEY (IdNum) +
|
||||
userid varchar(6) not null primary key, +
|
||||
first_name varchar(20), +
|
||||
last_name varchar(20), +
|
||||
department varchar(20), +
|
||||
salary varchar(10), +
|
||||
auth_tan varchar(6) +
|
||||
);
|
||||
** This statement creates the employees example table given on page 2.
|
||||
|
||||
Now try to modify the schneme by removing the column "Phone" from the table "Employees":
|
||||
Now try to modify the scheme by adding the column "phone" to the table "employees":
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user