Corrected typos and poor grammar found in the SQL Injection lessons.

unknown 2021-04-01 16:50:32 -04:00 committed by Nanne Baars
parent ba2cb7d14f
commit 82198424df
3 changed files with 7 additions and 7 deletions

@ -78,7 +78,7 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint {
String appendingWhenSucceded; String appendingWhenSucceded;
if (usedUnion) if (usedUnion)
appendingWhenSucceded = "Well done! Can you also figure out a solution, by appending a new Sql Statement?"; appendingWhenSucceded = "Well done! Can you also figure out a solution, by appending a new SQL Statement?";
else else
appendingWhenSucceded = "Well done! Can you also figure out a solution, by using a UNION?"; appendingWhenSucceded = "Well done! Can you also figure out a solution, by using a UNION?";
results.last(); results.last();
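
Review bot: the identifier `appendingWhenSucceded`, declared on the first line of this hunk and assigned in both branches, is still misspelled in a commit whose purpose is typo cleanup; consider renaming it to `appendingWhenSucceeded` in the same change. In the corrected message, "SQL Statement" would read better as "SQL statement", and the comma before "by appending" (and before "by using a UNION" in the else branch) can go. The unbraced `if`/`else` is also worth wrapping in braces while these lines are being touched.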

@ -46,7 +46,7 @@ The UNION ALL Syntax also allows duplicate Values.
=== Joins === Joins
The Join operator is used to combine rows from two ore more tables, based on a related column The Join operator is used to combine rows from two or more tables, based on a related column
[source] [source]
----- -----
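
Review bot: the corrected Joins sentence still ends at "based on a related column" with no closing period before the `[source]` block, so the fix is only partial. Add the period, and consider lower-casing "Join" to "join" or using `JOIN` consistently, since the hunk header context writes "UNION ALL Syntax" and "Values" with the same stray capitals.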

@ -9,7 +9,7 @@ injection.
Let us first start with the difference between a normal SQL injection and a blind SQL injection. In a normal Let us first start with the difference between a normal SQL injection and a blind SQL injection. In a normal
SQL injection the error messages from the database are displayed and gives enough information to find out how SQL injection the error messages from the database are displayed and gives enough information to find out how
the query is working. Or in the case of an UNION based SQL injection the application does not reflect the information the query is working. Or in the case of a UNION based SQL injection the application does not reflect the information
directly on the web page. So in the case where nothing is displayed you will need to start asking the database questions directly on the web page. So in the case where nothing is displayed you will need to start asking the database questions
based on a true or false statement. That is why a blind SQL injection is much more difficult to exploit. based on a true or false statement. That is why a blind SQL injection is much more difficult to exploit.
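
Review bot: the paragraph around the "a UNION based" fix still has a subject-verb mismatch ("the error messages ... are displayed and gives" should be "give"), and the UNION sentence says the opposite of what the lesson needs. In a UNION-based injection the query output is what gets reflected on the page, so "the application does not reflect the information directly on the web page" describes the blind case rather than the UNION case. Suggest rewording these two sentences together, for example: "Or, in the case of a UNION-based SQL injection, the application reflects the information directly on the web page." Also hyphenate "UNION-based".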
@ -18,7 +18,7 @@ There are several different types of blind SQL injections: content-based and tim
=== Example === Example
In this case we are trying to ask the database a boolean question based on for example an unique id, for example In this case we are trying to ask the database a boolean question based on a unique id, for example
suppose we have the following url: `https://my-shop.com?article=4` suppose we have the following url: `https://my-shop.com?article=4`
On the server side this query will be translated as follows: On the server side this query will be translated as follows:
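
Review bot: the example URL on the line after the fix uses `https://my-shop.com?article=4`, while the later examples in this same file use `https://shop.example.com`; the host should be the same throughout, preferably the `example.com` form since that domain is reserved for documentation. On the same line "url" should be "URL", and "for example suppose" needs a sentence break before it ("... based on a unique id. For example, suppose we have the following URL:").
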
@ -39,7 +39,7 @@ If the browser responds with a page not found or something else you know a blind
You can now change the SQL query and test for example: `https://shop.example.com?article=4 AND 1=2` which will not return You can now change the SQL query and test for example: `https://shop.example.com?article=4 AND 1=2` which will not return
anything because the query returns false. anything because the query returns false.
So but how do we actually take advantage of this? Above we only asked the database for trivial question but you can How do we actually take advantage of this? Above we only asked the database a trivial question but you can
for example also use the following url: `https://shop.example.com?article=4 AND substring(database_version(),1,1) = 2` for example also use the following url: `https://shop.example.com?article=4 AND substring(database_version(),1,1) = 2`
Most of the time you start by finding which type of database is used, based on the type of database you can find Most of the time you start by finding which type of database is used, based on the type of database you can find
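
Review bot: the last context line of this hunk is a comma splice that the commit leaves in place ("... which type of database is used, based on the type of database you can find"); split it into two sentences at the comma. In the corrected line, "but you can for example also use the following url" is still awkward: suggest "but you can also use, for example, the following URL:" and a comma before "but".
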
@ -50,8 +50,8 @@ system tables cannot be queried with the user used to connect from the web appli
Another way is called a time-based SQL injection, in this case you will ask the database to wait before returning Another way is called a time-based SQL injection, in this case you will ask the database to wait before returning
the result. You might need to use this if you are totally blind so there is no difference between the response you the result. You might need to use this if you are totally blind. This means there is no difference between the response data.
can use for example: To achieve this kind of SQL injection you could use:
---- ----
article = 4; sleep(10) -- article = 4; sleep(10) --
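
Review bot: the new sentence "This means there is no difference between the response data." does not say what is being compared, so the reader cannot tell what "totally blind" means here. Suggest naming both sides, for example "This means the response is the same whether the condition is true or false." The first context line is also a comma splice ("time-based SQL injection, in this case you will ask"); a period or semicolon after "injection" fixes it.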