dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix 6a6b page

Browse Source
This commit is contained in:
Rene Zubcevic 2019-07-22 15:36:31 +02:00
parent b65644edee
commit 7ad3996f2f
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionLesson6a.java
View File

@ -83,7 +83,7 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint {
if (output.toString().contains("dave") && output.toString().contains("passW0rD")) {
output.append(appendingWhenSucceded);
return trackProgress(informationMessage().feedback("sql-injection.advanced.6a.success").feedbackArgs(output.toString()).output(" Your query was: " + query).build());
return trackProgress(success().feedback("sql-injection.advanced.6a.success").feedbackArgs(output.toString()).output(" Your query was: " + query).build());
} else {
return trackProgress(failed().output(output.toString() + "<br> Your query was: " + query).build());
}

2
webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
View File

@ -18,7 +18,7 @@
<div class="adoc-content" th:replace="doc:SqlInjection_content6a.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="att-form" accept-charset="UNKNOWN"
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjectionAdvanced/attack6a"
enctype="application/json;charset=UTF-8">

3
webgoat-lessons/sql-injection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
View File

@ -62,7 +62,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjectionAdvanced/attack6a")
.param("userid_6a", "Smith'; SELECT * from user_system_data; --"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.lessonCompleted", is(false)))
.andExpect(jsonPath("$.lessonCompleted", is(true)))
.andExpect(jsonPath("$.feedback", containsString("passW0rD")));
}
@ -82,6 +82,7 @@ public class SqlInjectionLesson6aTest extends LessonTest {
.param("userid_6a", "S'; Select * from user_system_data; --"))
.andExpect(status().isOk())
.andExpect(jsonPath("$.lessonCompleted", is(true)))
.andExpect(jsonPath("$.feedback", containsString("UNION")));
}
}