Added my improved assignments

This commit is contained in:
Tobias Melzer
2018-11-12 20:16:16 +01:00
committed by Nanne Baars
parent 551f87dbd9
commit 718b113f86
11 changed files with 364 additions and 19 deletions

@ -12,9 +12,18 @@ SqlInjectionChallenge3=Use tooling to automate this attack
sql-injection.error=<span class='feedback-negative'>Sorry, this solution is not correct. Try again!</span>
NoResultsMatched=No results matched. Try Again.
SqlStringInjectionHint6=Try Appending a new SQL Statement to the Query.
SqlStringInjectionHint7=The new SQL Statement can be really simple like: SELECT ... FROM ...
SqlStringInjectionHint8=Your new SQL Query should start, with a " ; " and end with " -- "
SqlInjectionChallengeHint1=The Table Name is randomized at each start of Webgoat, try to figure out the name first.
SqlInjectionChallengeHint2=Find the Field which is vulnerable to SQL Injection use that to change the password.
SqlInjectionChallengeHint3=Change the password through an Update Statement.
SqlInjectionChallengeHint4=The Vulnerable Field is the Username Field of the Register form.
SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack.
SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. Th Output should tell you if this field is injectable.
SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection.
SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.
SqlStringInjectionHint6a1=Try Appending stuff like ",1" to your query, to figure out how many columns there are.
SqlStringInjectionHint6a2=When using a UNION the number of columns, from both tables should match.
SqlStringInjectionHint6a3=The UNION should contain 7 columns.
SqlStringInjectionHint6a4=Try using these columns in your union: userid, user_name, password, cookie, cookie, cookie, userid.
SqlStringInjectionHint9=Try sorting and look at the request
SqlStringInjectionHint10=Intercept the request and try to specify a different order by
SqlStringInjectionHint10a1=First establish a connection, after that you can create a statement.
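Review bot: Two of the learner-facing strings in this hunk have wording defects that will show up verbatim in the UI: SqlStringInjectionHint5b2 reads "Th Output should tell you" (missing "e"), and SqlStringInjectionHint8 has a stray comma in "should start, with a". Suggest "The output should tell you if this field is injectable." and "should start with a". SqlStringInjectionHint5b2 also tells the learner to test the first input field while SqlStringInjectionHint5b3 then states that the first field is not susceptible; if that is an intended progression, say in 5b2 that the output shows whether the field is injectable or not, so the two hints do not read as contradictory. SqlStringInjectionHint10a1 is about establishing a connection and creating a statement, which does not match the sorting and order-by topic of SqlStringInjectionHint9 and SqlStringInjectionHint10 that it is numbered after; a key name that matches the assignment it belongs to would make the bundle easier to maintain. Minor: casing is inconsistent across the new strings ("sql injection" in 5b3 versus "SQL Injection" in SqlInjectionChallengeHint2, "Webgoat" in SqlInjectionChallengeHint1, and mid-sentence capitals such as "Input field", "Update Statement").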