dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved remotely

Browse Source 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@15 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
mayhew64
2006-09-30 13:41:26 +00:00
parent 0465a6d6aa
commit 98949c00d8
155 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
webgoat/main/project/WebContent/lesson_plans/SqlStringInjection.html Normal file
View File

@ -0,0 +1,14 @@
<div align="Center">
<p><b>Lesson Plan Title:</b> How to Perform String SQL Injection </p>
</div>
<p><b>Concept / Topic To Teach:</b> </p>
<!-- Start Instructions -->
SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.
<br>
Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can be almost totally prevented. This lesson will show the student several examples of SQL injection.<br>
<br>
It is always good practice to sanitize all input data, especially data that will used in OS command, scripts, and database queiries.<br>
<p><b>General Goal(s):</b> </p>
The form below allows a user to view their credit card numbers. Try to inject an SQL string that results in all the credit card numbers being displayed. Try the user name of 'Smith'.
<!-- Stop Instructions -->