Update the DB lessons

git-svn-id: http://webgoat.googlecode.com/svn/trunk@230 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes 2008-01-10 10:10:10 +00:00
parent d9cf56268e
commit 8b21a7785e
4 changed files with 23 additions and 17 deletions


@ -135,15 +135,17 @@ public class DBCrossSiteScripting extends GoatHillsFinancial
String stage = getStage(s); String stage = getStage(s);
if (STAGE1.equals(stage)) if (STAGE1.equals(stage))
{ {
instructions = "Execute a Stored Cross Site Scripting (XSS) attack.<br>" instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.<br>"
+ "For this exercise, your mission is to cause the application to serve a script of your making " + "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page. "
+ " to some other user."; + "Verify that 'Jerry' is affected by the attack. "
+ "A sample JavaScript snippet you can use is: &lt;SCRIPT&gt;alert('bang!');&lt;/SCRIPT&gt;.";
} }
else if (STAGE2.equals(stage)) else if (STAGE2.equals(stage))
{ {
instructions = "Block Stored XSS using Input Validation.<br>" instructions = "Stage 2: Block Stored XSS using Input Validation.<br>"
+ "You will modify the stored procedure in the database to perform input validation on the vulnerable input field " + "Implement a fix in the stored procedure to prevent the stored XSS from being written to the database. "
+ "you just exploited."; + "A sample regluar expression pattern: ^[a-zA-Z0-9,\\. ]{0,80}$ "
+ "Repeat stage 1 as 'Eric' with 'David' as the manager. Verify that 'David' is not affected by the attack.";
} }
} }
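Review bot: The Stage 2 instruction on the new side misspells "regular" as `regluar`, and the pattern it hands the learner, `^[a-zA-Z0-9,\\. ]{0,80}$`, is presented without saying what it is meant to reject; since the Stage 1 sample depends on `<`, `>`, `'` and `/`, a follow-on line such as `+ "(an allow-list that rejects <, >, quotes and slashes). "` makes the fix's intent explicit. One more sentence saying that allow-listing the Street field in the stored procedure protects this one field only, and that output encoding on the pages that render the profile is the general XSS control, would keep the lesson from teaching input validation as the sole defence. The instruction strings are concatenated with embedded `<br>` markup, consistent with the surrounding code; the enclosing method starts before the hunk.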


@ -143,16 +143,20 @@ public class DBSQLInjection extends GoatHillsFinancial
String stage = getStage(s); String stage = getStage(s);
if (STAGE1.equals(stage)) if (STAGE1.equals(stage))
{ {
instructions = "Use String SQL Injection to bypass authentication. " instructions = "Stage 1: Use String SQL Injection to bypass authentication. "
+ "The goal here is to login as the user " + "The goal here is to login as the user "
+ PRIZE_EMPLOYEE_NAME + PRIZE_EMPLOYEE_NAME
+ ", who is in the Admin group. " + ", who is in the Admin group. "
+ "You do not have the password, but the form is SQL injectable."; + "You do not have the password, but the form is SQL injectable. "
+ "View the EMPLOYEE_LOGIN stored procedure and see if you can "
+ "determine why the exploit exists.";
} }
else if (STAGE2.equals(stage)) else if (STAGE2.equals(stage))
{ {
instructions = "Use bind variables.<br>" instructions = "Stage 2: Use bind variables.<br>"
+ "Update the stored procedure in the database to use bind variables, rather than string concatenation"; + "Using the Squirrel SQL Client, update the EMPLOYEE_LOGIN stored procedure in the database "
+ "to use bind variables, rather than string concatenation. "
+ "Repeat the SQL Injection attack. Verify that the attack is no longer effective.";
} }
} }
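Review bot: The Stage 1 text on the new side tells the learner to "View the EMPLOYEE_LOGIN stored procedure" but the tool for doing so, the Squirrel SQL Client, is only named in the Stage 2 text; `+ "View the EMPLOYEE_LOGIN stored procedure (e.g. with the Squirrel SQL Client) and see if you can "` in Stage 1 removes that dead end. Stage 2's "Verify that the attack is no longer effective" would be clearer with the expected outcome stated, i.e. that the injected login must now be rejected rather than merely behave differently. A short caveat that bind variables close the injection but leave the procedure's direct password comparison (the `PASSWORD = :2` predicate visible in the EMPLOYEE_LOGIN hunk further down this page) untouched would stop the lesson from presenting bind variables as the whole fix; credential storage is presumably out of scope here, so a one-line pointer suffices. The enclosing method starts before the hunk.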


@ -43,11 +43,11 @@ CREATE OR REPLACE PROCEDURE UPDATE_EMPLOYEE(
v_personal_description IN employee.personal_description%type v_personal_description IN employee.personal_description%type
) )
AS AS
P_ADDRESS1 VARCHAR2(32000) := '^[a-zA-Z0-9,\. ]{0,80}$'; // Stage 2 - FIX P_ADDRESS1 VARCHAR2(100) := '^[a-zA-Z0-9,\. ]{0,80}$';
BEGIN BEGIN
IF NOT REGEXP_LIKE(v_address1, P_ADDRESS1) THEN // Stage 2 - FIX IF NOT REGEXP_LIKE(v_address1, P_ADDRESS1) THEN
RAISE VALUE_ERROR; // Stage 2 - FIX RAISE VALUE_ERROR;
END IF; // Stage 2 - FIX END IF;
UPDATE EMPLOYEE UPDATE EMPLOYEE
SET SET
first_name = v_first_name, first_name = v_first_name,
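Review bot: The allow-list in `P_ADDRESS1` escapes `.` inside a bracket expression, where it is already literal, and in Oracle's POSIX-style regex a backslash inside `[...]` is itself taken literally (to be confirmed for the target Oracle version), so the pattern most likely also admits `\` in the street field — harmless for this lesson, but not what the pattern reads as; `'^[a-zA-Z0-9,. ]{0,80}$'` states the intent exactly. Only `v_address1` is checked before the UPDATE, while the other parameters (e.g. `v_personal_description`, declared just above) reach the table unvalidated, which is acceptable if Stage 2 deliberately scopes the fix to the Street field but deserves a `-- Stage 2 FIX: only address1 is validated here; the remaining columns rely on output encoding` comment so the procedure is not mistaken for fully hardened. If the `// Stage 2 - FIX` markers are the side being added, note that `//` is not a PL/SQL comment and `--` must be used. The procedure header is outside the hunk and the UPDATE statement continues past it.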


@ -18,7 +18,7 @@ END;
* OR * OR
CREATE OR REPLACE PROCEDURE EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS CREATE OR REPLACE PROCEDURE EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS
stmt VARCHAR(32767); stmt VARCHAR(1000);
v_userid NUMBER; v_userid NUMBER;
BEGIN BEGIN
stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = :1 AND PASSWORD = :2'; stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = :1 AND PASSWORD = :2';