diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java
index 7c7494025..44f61be4f 100755
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBCrossSiteScripting/DBCrossSiteScripting.java
@@ -135,15 +135,17 @@ public class DBCrossSiteScripting extends GoatHillsFinancial
String stage = getStage(s);
if (STAGE1.equals(stage))
{
- instructions = "Execute a Stored Cross Site Scripting (XSS) attack.
"
- + "For this exercise, your mission is to cause the application to serve a script of your making "
- + " to some other user.";
+ instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.
"
+ + "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page. "
+ + "Verify that 'Jerry' is affected by the attack. "
+ + "A sample JavaScript snippet you can use is: <SCRIPT>alert('bang!');</SCRIPT>.";
}
else if (STAGE2.equals(stage))
{
- instructions = "Block Stored XSS using Input Validation.
"
- + "You will modify the stored procedure in the database to perform input validation on the vulnerable input field "
- + "you just exploited.";
+ instructions = "Stage 2: Block Stored XSS using Input Validation.
"
+ + "Implement a fix in the stored procedure to prevent the stored XSS from being written to the database. "
+ + "A sample regluar expression pattern: ^[a-zA-Z0-9,\\. ]{0,80}$ "
+ + "Repeat stage 1 as 'Eric' with 'David' as the manager. Verify that 'David' is not affected by the attack.";
}
}
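Review bot: The sample payload on the new Stage 1 line ending `alert('bang!');</SCRIPT>.` is embedded in an instruction string that the lesson renders as HTML, so unless the angle brackets are entity-encoded in the source the hint panel will execute the script on load instead of displaying it; confirm the literal is written as `&lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;` (this page may have unescaped it during extraction). The Stage 2 text also carries a user-visible typo, `A sample regluar expression pattern` → `A sample regular expression pattern`. The pattern quoted there, `^[a-zA-Z0-9,\\. ]{0,80}$`, duplicates the allow-list in the instructor solution for UPDATE_EMPLOYEE elsewhere in this commit; keeping the two in step by hand is fragile, so a short `// keep in sync with the instructor UPDATE_EMPLOYEE solution` comment beside it would help. The enclosing method begins before this hunk.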
@@ -252,4 +254,4 @@ public class DBCrossSiteScripting extends GoatHillsFinancial
return ! getWebgoatContext().getDatabaseDriver().contains("oracle");
}
-}
+}
\ No newline at end of file
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
index fdb94a858..33ddcdf43 100755
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
@@ -143,16 +143,20 @@ public class DBSQLInjection extends GoatHillsFinancial
String stage = getStage(s);
if (STAGE1.equals(stage))
{
- instructions = "Use String SQL Injection to bypass authentication. "
+ instructions = "Stage 1: Use String SQL Injection to bypass authentication. "
+ "The goal here is to login as the user "
+ PRIZE_EMPLOYEE_NAME
+ ", who is in the Admin group. "
- + "You do not have the password, but the form is SQL injectable.";
+ + "You do not have the password, but the form is SQL injectable. "
+ + "View the EMPLOYEE_LOGIN stored procedure and see if you can "
+ + "determine why the exploit exists.";
}
else if (STAGE2.equals(stage))
{
- instructions = "Use bind variables.
"
- + "Update the stored procedure in the database to use bind variables, rather than string concatenation";
+ instructions = "Stage 2: Use bind variables.
"
+ + "Using the Squirrel SQL Client, update the EMPLOYEE_LOGIN stored procedure in the database "
+ + "to use bind variables, rather than string concatenation. "
+ + "Repeat the SQL Injection attack. Verify that the attack is no longer effective.";
}
}
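Review bot: The new Stage 1 and Stage 2 text spell the procedure name `EMPLOYEE_LOGIN` as a bare string literal in two places, while the target account on the neighbouring lines comes from the `PRIZE_EMPLOYEE_NAME` constant; a `private static final String LOGIN_PROCEDURE = "EMPLOYEE_LOGIN";` used in both strings would keep the lesson text from drifting from the instructor solution, which declares a procedure of that name in this same commit. The Stage 2 text tells the student to use bind variables "rather than string concatenation" but never names what to bind; mentioning the two inputs, `v_id` and `v_password`, would point at the actual defect rather than at the tool. The enclosing method begins before this hunk.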
@@ -252,4 +256,4 @@ public class DBSQLInjection extends GoatHillsFinancial
}
-}
+}
\ No newline at end of file
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java
index 216995641..b550429e9 100755
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java
@@ -43,11 +43,11 @@ CREATE OR REPLACE PROCEDURE UPDATE_EMPLOYEE(
v_personal_description IN employee.personal_description%type
)
AS
- P_ADDRESS1 VARCHAR2(32000) := '^[a-zA-Z0-9,\. ]{0,80}$'; // Stage 2 - FIX
+ P_ADDRESS1 VARCHAR2(100) := '^[a-zA-Z0-9,\. ]{0,80}$';
BEGIN
- IF NOT REGEXP_LIKE(v_address1, P_ADDRESS1) THEN // Stage 2 - FIX
- RAISE VALUE_ERROR; // Stage 2 - FIX
- END IF; // Stage 2 - FIX
+ IF NOT REGEXP_LIKE(v_address1, P_ADDRESS1) THEN
+ RAISE VALUE_ERROR;
+ END IF;
UPDATE EMPLOYEE
SET
first_name = v_first_name,
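Review bot: The allow-list on the new `P_ADDRESS1` line, `'^[a-zA-Z0-9,\. ]{0,80}$'`, admits a backslash as well as a dot: Oracle's REGEXP_LIKE follows the POSIX rule that `\` inside a bracket expression is a literal character, not an escape, so the class covers letters, digits, comma, backslash, dot and space (verify on the target database version, but the escape is unnecessary in either case). `P_ADDRESS1 VARCHAR2(100) := '^[a-zA-Z0-9,. ]{0,80}$';` expresses the intended set exactly. The check is applied to `v_address1` only; the other columns written by the same UPDATE (for example `first_name = v_first_name`) remain unvalidated, which is acceptable for a lesson scoped to the Street field but worth a `-- only the Street field exploited in Stage 1 is validated here` comment so it is not read as a complete fix. A one-line note that input validation is a secondary control and that the primary defence against stored XSS is output encoding at the point of rendering, which this procedure cannot provide, would also belong in an instructor solution. UPDATE_EMPLOYEE's signature starts before this hunk and its body continues past it.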
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java
index feaca5c63..0b46b80b4 100755
--- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java
@@ -18,7 +18,7 @@ END;
* OR
CREATE OR REPLACE PROCEDURE EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS
- stmt VARCHAR(32767);
+ stmt VARCHAR(1000);
v_userid NUMBER;
BEGIN
stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = :1 AND PASSWORD = :2';