dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#839: fix the SQL statement as this one does not express that the orderBy clause input is user input

Browse Source
This commit is contained in:
Nanne Baars 2020-10-22 21:34:05 +02:00 committed by Nanne Baars
parent dac011db78
commit 7b8523dcab
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content13.adoc
View File

@ -6,7 +6,7 @@ Answer: No it does not
Let us take a look at the following statement:
----
SELECT * FROM users ORDER BY lastname;
"SELECT * FROM users ORDER BY " + sortColumName + ";"
----
If we look at the specification of the SQL grammar the definition is as follows: