From 82198424df61bf4e39986c4159aa083dc7d6fead Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 1 Apr 2021 16:50:32 -0400 Subject: [PATCH] Corrected typos and poor grammar found in the SQL Injection lessons. --- .../sql_injection/advanced/SqlInjectionLesson6a.java | 2 +- .../lessonPlans/en/SqlInjection_content6.adoc | 2 +- .../lessonPlans/en/SqlInjection_content6c.adoc | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java index 89ca589eb..ed6642baa 100644 --- a/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java +++ b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java @@ -78,7 +78,7 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint { String appendingWhenSucceded; if (usedUnion) - appendingWhenSucceded = "Well done! Can you also figure out a solution, by appending a new Sql Statement?"; + appendingWhenSucceded = "Well done! Can you also figure out a solution, by appending a new SQL Statement?"; else appendingWhenSucceded = "Well done! Can you also figure out a solution, by using a UNION?"; results.last(); diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6.adoc index eaa85f902..63ea9e834 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6.adoc +++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6.adoc 
@@ -46,7 +46,7 @@ The UNION ALL Syntax also allows duplicate Values. === Joins -The Join operator is used to combine rows from two ore more tables, based on a related column +The Join operator is used to combine rows from two or more tables, based on a related column [source] ----- diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6c.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6c.adoc index b7bd0b165..1ed75d232 100644 --- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6c.adoc +++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6c.adoc @@ -9,7 +9,7 @@ injection. Let us first start with the difference between a normal SQL injection and a blind SQL injection. In a normal SQL injection the error messages from the database are displayed and gives enough information to find out how -the query is working. Or in the case of an UNION based SQL injection the application does not reflect the information +the query is working. Or in the case of a UNION based SQL injection the application does not reflect the information directly on the web page. So in the case where nothing is displayed you will need to start asking the database questions based on a true or false statement. That is why a blind SQL injection is much more difficult to exploit. @@ -18,7 +18,7 @@ There are several different types of blind SQL injections: content-based and tim === Example -In this case we are trying to ask the database a boolean question based on for example an unique id, for example +In this case we are trying to ask the database a boolean question based on a unique id, for example suppose we have the following url: `https://my-shop.com?article=4` On the server side this query will be translated as follows: 
@@ -39,7 +39,7 @@ If the browser responds with a page not found or something else you know a blind You can now change the SQL query and test for example: `https://shop.example.com?article=4 AND 1=2` which will not return anything because the query returns false. -So but how do we actually take advantage of this? Above we only asked the database for trivial question but you can +How do we actually take advantage of this? Above we only asked the database a trivial question but you can for example also use the following url: `https://shop.example.com?article=4 AND substring(database_version(),1,1) = 2` Most of the time you start by finding which type of database is used, based on the type of database you can find @@ -50,8 +50,8 @@ system tables cannot be queried with the user used to connect from the web appli Another way is called a time-based SQL injection, in this case you will ask the database to wait before returning -the result. You might need to use this if you are totally blind so there is no difference between the response you -can use for example: +the result. You might need to use this if you are totally blind. This means there is no difference between the response data. +To achieve this kind of SQL injection you could use: ---- article = 4; sleep(10) --
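Review bot: In SqlInjectionLesson6a.java (hunk @@ -78,7), the corrected message still capitalizes the common noun in "SQL Statement" and keeps the comma before "by", and the untouched sibling string "Can you also figure out a solution, by using a UNION?" has the same comma. Since this is a grammar pass, fix both messages together, for example "Can you also figure out a solution by appending a new SQL statement?". The identifier appendingWhenSucceded is also misspelled (Succeeded); renaming it is a code change and may be better as a separate commit.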
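Review bot: In SqlInjection_content6.adoc (hunk @@ -46,7), the corrected sentence still ends without a period ("based on a related column") right before the [source] block; add the full stop while the line is being touched. The context line "The UNION ALL Syntax also allows duplicate Values." carries the same kind of stray capitalization this patch sets out to clean up.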
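Review bot: In SqlInjection_content6c.adoc (hunk @@ -9,7), the changed line fixes the article but leaves a sentence that reads inverted: "in the case of a UNION based SQL injection the application does not reflect the information directly on the web page". A UNION-based injection is the case where the result is reflected in the page; it is the blind case where nothing is shown, which is what the next sentence ("So in the case where nothing is displayed") depends on. Please confirm the intended meaning and reword, and hyphenate "UNION-based". The preceding context line also has a subject-verb mismatch: "the error messages from the database are displayed and gives" should be "give".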
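Review bot: In SqlInjection_content6c.adoc (hunk @@ -18,7), the example URL on the line after the change is `https://my-shop.com?article=4`, while the later examples in the same lesson use `https://shop.example.com?article=4`. The lesson should use one host throughout, and example.com is the better choice because it is reserved for documentation and cannot point learners at a real site. The new line also still runs two thoughts together ("based on a unique id, for example suppose we have"); splitting it into two sentences would read better.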
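Review bot: In SqlInjection_content6c.adoc (hunk @@ -39,7), the new sentence "Above we only asked the database a trivial question but you can for example also use the following url" needs a comma before "but", and "for example also" is awkward; "but you can also use, for example, the following URL" is clearer. The trailing context line "Most of the time you start by finding which type of database is used, based on the type of database you can find" is a comma splice of the same kind this patch corrects elsewhere and could be split in the same pass.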
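Review bot: In SqlInjection_content6c.adoc (hunk @@ -50,8), the added sentence "This means there is no difference between the response data." does not say what is being compared, so the reason for switching to a timing technique is lost. Suggest naming both sides, for example "This means there is no visible difference between the responses to a true and a false condition." The context line above it, "Another way is called a time-based SQL injection, in this case you will ask the database to wait", is another comma splice worth fixing while this paragraph is open.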