dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed column name on sql injection lesson 7

Browse Source
This commit is contained in:
MaDuck 2018-05-28 16:54:44 +02:00 committed by Nanne Baars
parent 9a0995dae5
commit 9587550bc5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content5b.adoc
View File

@ -2,8 +2,8 @@
The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection: The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection:
------------------------------------------------------- --------------------------------------------------
"select * from users where employee_id = " + userID; "select * from users where USERID = " + userID;
------------------------------------------------------- --------------------------------------------------
Using the form below try to retrieve all the users from the users table. You shouldn't need to know any specific user name to get the complete list, however you can use '101' to see the data for one user. Using the form below try to retrieve all the users from the users table. You shouldn't need to know any specific user name to get the complete list, however you can use '101' to see the data for one user.