From 75a174ff7bb9512357b21a49aa278e2f95c21125 Mon Sep 17 00:00:00 2001 From: Jeffrey Wagner Date: Fri, 6 Sep 2019 21:12:55 -0400 Subject: [PATCH] Fixed description and grammer --- .../SqlInjection_introduction_content8.adoc | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content8.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content8.adoc index 9903db79d..a9be7fce0 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content8.adoc +++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content8.adoc 
@@ -1,26 +1,26 @@ == Compromising confidentiality with String SQL injection -If a system is vulnerable to SQL injections it is also easy to compromise aspects of the CIA triad _(if you are unfamiliar with the CIA triad check out the CIA triad lesson in the general category)_. -In the following three lessons, you will learn how to use simple SQL injection attacks to compromise each of the three. Per example by using _SQL string injections_ or _query chaining_. +If a system is vulnerable to SQL injections, aspets of that system's CIA triad can be easily compromoised _(if you are unfamiliar with the CIA triad, check out the CIA triad lesson in the general category)_. +In the following three lessons you will learn how to compromise each aspect of the CIA triad using teachniques like _SQL string injections_ or _query chaining_. -This lesson, we will take a look at *confidentiality*. -Confidentiality can easily be compromised if an attacker uses SQL injection to read sensitive data from the database. For example reading credit card numbers or passwords. +In this lesson we will look at *confidentiality*. +Confidentiality can be easily compromised by an attacker using SQL injection to read sensitive data like credit card numbers from a database. === What is String SQL injection? -If queries are build dynamically in the application by concatenating strings to it, this makes it very susceptible to String SQL injection. + -If the input takes a string and that one gets inserted into the query as a string parameter, then you can easily manipulate the build query by using quotation marks to form the string to your specific needs. -You could per example end the string parameter with it and input your own SQL after that. +If queries are built dynamically in the application by concatenating strings to it, this makes it very susceptible to String SQL injection. 
+ +If the input takes a string that gets inserted into a query as a string parameter, then you can easily manipulate the build query using quotation marks to form the string to your specific needs. +For example, you could end the string parameter with quotation marks and input your own SQL after that. === It is your turn! You are an employee named John *Smith* working for a big company. -The company has an internal system that allows all employees to see their own internal data, like the department they work in and their salary. +The company has an internal system that allows all employees to see their own internal data - like the department they work in and their salary. The system requires the employees to use a unique _authentication TAN_ to view their data. + Your current TAN is *3SL99A*. -Since you always have the urge to be the most earning employee you want to exploit the system and instead of viewing your own internal data _take a look at the data of all your colleagues_ to check their current salaries. +Since you always have the urge to be the most earning employee, you want to exploit the system and instead of viewing your own internal data, _ you want to take a look at the data of all your colleagues_ to check their current salaries. -Use the form below and try to retrieve all the employee data from the *employees* table. You should not need to know any specific names or TANs to get the information you need. + -You already found out that the query performing your request looks like that: +Use the form below and try to retrieve all employee data from the *employees* table. You should not need to know any specific names or TANs to get the information you need. 
+ +You already found out that the query performing your request looks like this: ------------------------------------------------------------ "SELECT * FROM employees WHERE last_name = '" + name + "' AND auth_tan = '" + auth_tan + "'; ------------------------------------------------------------- \ No newline at end of file +------------------------------------------------------------
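Review bot: the added lines in the opening paragraph introduce three new misspellings in a commit whose purpose is to fix grammar: "aspets" (aspects), "compromoised" (compromised) and "teachniques" (techniques). Please correct these before merging. In the "What is String SQL injection?" section, the first added line changes "build" to "built", but the next added line still reads "manipulate the build query"; it should be "built query" for consistency. In the "It is your turn!" section, the new emphasis span opens with "_ you want to take a look", and the space after the opening underscore will keep AsciiDoc from rendering the phrase in italics; drop the space so it reads "_you want to take a look at the data of all your colleagues_". Since this hunk already touches the line introducing the query, it is also worth fixing the unchanged listing below it, where the string ends with `"';` and never closes the final double quote.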