dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#974: Update the lesson text

Browse Source
This commit is contained in:
Nanne Baars 2021-04-01 18:13:21 +02:00 committed by Nanne Baars
parent de453fad84
commit ba2cb7d14f
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content4.adoc
View File

@ -9,10 +9,9 @@ If an attacker successfully "injects" DCL type SQL commands into a database, he
* GRANT - give a user access privileges on database objects * GRANT - give a user access privileges on database objects
* REVOKE - withdraw user privileges that were previously given using GRANT * REVOKE - withdraw user privileges that were previously given using GRANT
* Example: * Example:
** GRANT CREATE TABLE + ** GRANT CREATE TABLE TO operator;
TO operator;
** This statement gives all users of the operator-role the privilege to create new tables in the database. ** This statement gives all users of the operator-role the privilege to create new tables in the database.
Try to grant the user group "UnauthorizedUser" the right to alter tables: Try to grant rights to the table `grant_rights` to user `unauthorized_user`: