dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a new lessons for sql injections on "Compromising confidentiality with String SQL Injection"

Browse Source
This commit is contained in:
Benedikt - Desktop
2018-11-05 15:47:09 +01:00
committed by Nanne Baars
parent 083eb1b567
commit 75b1895122
5 changed files with 195 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -44,3 +44,12 @@ sql-injection.6a.no.results=No results matched. Try Again.
sql-injection.6b.success=You have succeeded: {0}
sql-injection.6b.no.results=No results matched. Try Again.
sql-injection.8.success=You have succeed: {0}
sql-injection.8.no.results=No employee found with matching lastname. Or maybe your authentication TAN is incorrect?
SqlStringInjectionHint8-1=The application is taking your input and inserting the values into the variables 'name' and 'auth_tan' of the pre-formed SQL command.
SqlStringInjectionHint8-2=Compound SQL statements can be made by expanding the WHERE clause of the statement with keywords like AND and OR.
SqlStringInjectionHint8-3=Try appending a SQL statement that always resolves to true.
SqlStringInjectionHint8-4=Make sure all quotes (" ' ") are opened and closed properly so the resulting SQL query is syntactically correct.
SqlStringInjectionHint8-5=Try extending the WHERE clause of the statement by adding something like: ' OR '1' = '1.