Renamed to sqlinjection

src/main/resources/lessons/sqlinjection/db/migration/V2019_09_26_1__servers.sql

@@ -0,0 +1,13 @@
+CREATE TABLE SERVERS(
+  id varchar(10),
+  hostname varchar(20),
+  ip varchar(20),
+  mac varchar(20),
+  status varchar(20),
+  description varchar(40)
+);
+INSERT INTO SERVERS VALUES ('1', 'webgoat-dev', '192.168.4.0', 'AA:BB:11:22:CC:DD', 'online', 'Development server');
+INSERT INTO SERVERS VALUES ('2', 'webgoat-tst', '192.168.2.1', 'EE:FF:33:44:AB:CD', 'online', 'Test server');
+INSERT INTO SERVERS VALUES ('3', 'webgoat-acc', '192.168.3.3', 'EF:12:FE:34:AA:CC', 'offline', 'Acceptance server');
+INSERT INTO SERVERS VALUES ('4', 'webgoat-pre-prod', '192.168.6.4', 'EF:12:FE:34:AA:CC', 'offline', 'Pre-production server');
+INSERT INTO SERVERS VALUES ('4', 'webgoat-prd', '104.130.219.202', 'FA:91:EB:82:DC:73', 'out of order', 'Production server');

src/main/resources/lessons/sqlinjection/db/migration/V2019_09_26_2__users.sql

@@ -0,0 +1,24 @@
+CREATE TABLE user_data(
+  userid int not null,
+  first_name varchar(20),
+  last_name varchar(20),
+  cc_number varchar(30),
+  cc_type varchar(10),
+  cookie varchar(20),
+  login_count int
+);
+INSERT INTO user_data VALUES (101,'Joe','Snow','987654321','VISA',' ',0);
+INSERT INTO user_data VALUES (101,'Joe','Snow','2234200065411','MC',' ',0);
+INSERT INTO user_data VALUES (102,'John','Smith','2435600002222','MC',' ',0);
+INSERT INTO user_data VALUES (102,'John','Smith','4352209902222','AMEX',' ',0);
+INSERT INTO user_data VALUES (103,'Jane','Plane','123456789','MC',' ',0);
+INSERT INTO user_data VALUES (103,'Jane','Plane','333498703333','AMEX',' ',0);
+INSERT INTO user_data VALUES (10312,'Jolly','Hershey','176896789','MC',' ',0);
+INSERT INTO user_data VALUES (10312,'Jolly','Hershey','333300003333','AMEX',' ',0);
+INSERT INTO user_data VALUES (10323,'Grumpy','youaretheweakestlink','673834489','MC',' ',0);
+INSERT INTO user_data VALUES (10323,'Grumpy','youaretheweakestlink','33413003333','AMEX',' ',0);
+INSERT INTO user_data VALUES (15603,'Peter','Sand','123609789','MC',' ',0);
+INSERT INTO user_data VALUES (15603,'Peter','Sand','338893453333','AMEX',' ',0);
+INSERT INTO user_data VALUES (15613,'Joesph','Something','33843453533','AMEX',' ',0);
+INSERT INTO user_data VALUES (15837,'Chaos','Monkey','32849386533','CM',' ',0);
+INSERT INTO user_data VALUES (19204,'Mr','Goat','33812953533','VISA',' ',0);

src/main/resources/lessons/sqlinjection/db/migration/V2019_09_26_3__salaries.sql

@@ -0,0 +1,10 @@
+CREATE TABLE salaries(
+  userid varchar(50),
+  salary int
+);
+
+INSERT INTO salaries VALUES ('jsmith', 20000);
+INSERT INTO salaries VALUES ('lsmith', 45000);
+INSERT INTO salaries VALUES ('wgoat', 100000);
+INSERT INTO salaries VALUES ('rjones', 777777);
+INSERT INTO salaries VALUES ('manderson', 65000);

src/main/resources/lessons/sqlinjection/db/migration/V2019_09_26_4__tan.sql

@@ -0,0 +1,14 @@
+CREATE TABLE user_data_tan (
+ userid int not null,
+ first_name varchar(20),
+ last_name varchar(20),
+ cc_number varchar(30),
+ cc_type varchar(10),
+ cookie varchar(20),
+ login_count int,
+ password varchar(20)
+);
+
+INSERT INTO user_data_tan VALUES (101,'Joe','Snow','987654321','VISA',' ',0, 'banana');
+INSERT INTO user_data_tan VALUES (102,'Jane','Plane','74589864','MC',' ',0, 'tarzan');
+INSERT INTO user_data_tan VALUES (103,'Jack','Sparrow','68659365','MC',' ',0, 'sniffy');

src/main/resources/lessons/sqlinjection/db/migration/V2019_09_26_5__challenge_assignment.sql

@@ -0,0 +1,10 @@
+CREATE TABLE sql_challenge_users(
+  userid varchar(250),
+  email varchar(30),
+  password varchar(30)
+);
+
+INSERT INTO sql_challenge_users VALUES ('larry', 'larry@webgoat.org', 'larryknows');
+INSERT INTO sql_challenge_users VALUES ('tom', 'tom@webgoat.org', 'thisisasecretfortomonly');
+INSERT INTO sql_challenge_users VALUES ('alice', 'alice@webgoat.org', 'rt*(KJ()LP())$#**');
+INSERT INTO sql_challenge_users VALUES ('eve', 'eve@webgoat.org', '**********');

src/main/resources/lessons/sqlinjection/db/migration/V2019_09_26_6__user_system_data.sql

@@ -0,0 +1,12 @@
+CREATE TABLE user_system_data(
+  userid int not null primary key,
+  user_name varchar(12),
+  password varchar(10),
+  cookie varchar(30)
+);
+
+INSERT INTO user_system_data VALUES (101,'jsnow','passwd1', '');
+INSERT INTO user_system_data VALUES (102,'jdoe','passwd2', '');
+INSERT INTO user_system_data VALUES (103,'jplane','passwd3', '');
+INSERT INTO user_system_data VALUES (104,'jeff','jeff', '');
+INSERT INTO user_system_data VALUES (105,'dave','passW0rD', '');

src/main/resources/lessons/sqlinjection/db/migration/V2019_09_26_7__employees.sql

@@ -0,0 +1,20 @@
+CREATE TABLE employees(
+  userid varchar(6) not null primary key,
+  first_name varchar(20),
+  last_name varchar(20),
+  department varchar(20),
+  salary int,
+  auth_tan varchar(6)
+);
+
+INSERT INTO employees VALUES ('32147','Paulina',  'Travers', 'Accounting',  46000, 'P45JSI');
+INSERT INTO employees VALUES ('89762','Tobi',     'Barnett', 'Development', 77000, 'TA9LL1');
+INSERT INTO employees VALUES ('96134','Bob',      'Franco',  'Marketing',   83700, 'LO9S2V');
+INSERT INTO employees VALUES ('34477','Abraham ', 'Holman',  'Development', 50000, 'UU2ALK');
+INSERT INTO employees VALUES ('37648','John',     'Smith',   'Marketing',   64350, '3SL99A');
+
+CREATE TABLE access_log (
+  id int generated always as identity not null primary key,
+  time varchar(50),
+  action varchar(200)
+);

src/main/resources/lessons/sqlinjection/db/migration/V2021_03_13_8__grant.sql

@@ -0,0 +1,14 @@
+CREATE TABLE grant_rights(
+  userid varchar(6) not null primary key,
+  first_name varchar(20),
+  last_name varchar(20),
+  department varchar(20),
+  salary int
+);
+
+INSERT INTO grant_rights VALUES ('32147','Paulina',  'Travers', 'Accounting',  46000);
+INSERT INTO grant_rights VALUES ('89762','Tobi',     'Barnett', 'Development', 77000);
+INSERT INTO grant_rights VALUES ('96134','Bob',      'Franco',  'Marketing',   83700);
+INSERT INTO grant_rights VALUES ('34477','Abraham ', 'Holman',  'Development', 50000);
+INSERT INTO grant_rights VALUES ('37648','John',     'Smith',   'Marketing',   64350);
+