SQL injection add hints #470

Nanne Baars 2019-02-09 16:41:46 +01:00
parent 5bc48193b6
commit 941ca5e9a1
2 changed files with 5 additions and 0 deletions


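--- a/<source-dir placeholder>/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java
+++ b/<source-dir placeholder>/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java
@@ -3,6 +3,7 @@ package org.owasp.webgoat.plugin.advanced;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentHints;
 import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.session.DatabaseUtilities;
@@ -23,6 +24,7 @@ import static org.springframework.web.bind.annotation.RequestMethod.POST;
 * @since 4/8/17.
 */
 @AssignmentPath("SqlInjection/challenge")
+@AssignmentHints(value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})
 @Slf4j
 public class SqlInjectionChallenge extends AssignmentEndpoint {
 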
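Review bot: The three hint keys on the new `@AssignmentHints` line are plain strings that are only tied to the `SqlInjectionChallenge1..3` entries in the properties file by name, so a later rename on either side would not fail compilation and would presumably surface as a raw key in the UI; a short comment above the annotation, `// hint keys must match the SqlInjectionChallengeN entries in the lesson's message properties`, makes that coupling visible to the next editor. As a point of style, if `AssignmentHints` declares `value` as its only element the explicit `value =` is redundant and the line can read `@AssignmentHints({"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})`. The class body continues outside the hunk.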

@ -6,6 +6,9 @@ sql.injection.title=SQL Injection
sql.mitigation.title=SQL Injection (mitigation) sql.mitigation.title=SQL Injection (mitigation)
sql.advanced.title=SQL Injection (advanced) sql.advanced.title=SQL Injection (advanced)
SqlInjectionChallenge1=Look at the different response you receive from the server
SqlInjectionChallenge2=The vulnerability is on the register form
SqlInjectionChallenge3=Use tooling to automate this attack
NoResultsMatched=No results matched. Try Again. NoResultsMatched=No results matched. Try Again.
SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command. SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.