diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
new file mode 100755
index 000000000..2d64cc3d5
--- /dev/null
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/DBSQLInjection.java
@@ -0,0 +1,253 @@
+package org.owasp.webgoat.lessons.DBSQLInjection;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ecs.ElementContainer;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DeleteProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.EditProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.FindProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ListStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.Logout;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.SearchStaff;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.UpdateProfile;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.ViewProfile;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class DBSQLInjection extends GoatHillsFinancial
+{
+ private final static Integer DEFAULT_RANKING = new Integer(75);
+
+ public final static int PRIZE_EMPLOYEE_ID = 112;
+
+ public final static String PRIZE_EMPLOYEE_NAME = "Neville Bartholomew";
+
+ public final static String STAGE1 = "Stage 1";
+
+ public final static String STAGE2 = "Stage 2";
+
+ public void registerActions(String className)
+ {
+ registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
+ registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
+ registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
+ registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
+ registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
+
+ // These actions are special in that they chain to other actions.
+ registerAction(new Login(this, className, LOGIN_ACTION,
+ getAction(LISTSTAFF_ACTION)));
+ registerAction(new Logout(this, className, LOGOUT_ACTION,
+ getAction(LOGIN_ACTION)));
+ registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
+ getAction(VIEWPROFILE_ACTION)));
+ registerAction(new UpdateProfile(this, className,
+ UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
+ registerAction(new DeleteProfile(this, className,
+ DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
+ }
+
+ /**
+ * Gets the category attribute of the CrossSiteScripting object
+ *
+ * @return The category value
+ */
+ public Category getDefaultCategory()
+ {
+ return Category.A6;
+ }
+
+ /**
+ * Gets the hints attribute of the DirectoryScreen object
+ *
+ * @return The hints value
+ */
+ protected List getHints(WebSession s)
+ {
+ List hints = new ArrayList();
+ hints
+ .add("The application is taking your input and inserting it at the end of a pre-formed SQL command.");
+ hints
+ .add("This is the code for the query being built and issued by WebGoat:

" + + "stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
" + "EXECUTE IMMEDIATE stmt INTO v_userid;");
+ hints
+ .add("Compound SQL statements can be made by joining multiple tests with keywords like AND and OR. " + "Remember: You need to end up with a SQL statement that only returns one row, since we are using an INTO clause");
+
+ // Stage 1
+ hints
+ .add("You may need to use WebScarab to remove a field length limit to fit your attack.");
+ hints.add("Try entering a password of [ ' OR userid=112 OR password=' ].");
+
+ // Stage 2
+ hints
+ .add("Change the Stored procedure to use bind variables.");
+
+ return hints;
+ }
+
+ @Override
+ public String[] getStages() {
+ return new String[] {STAGE1, STAGE2};
+ }
+
+ /**
+ * Gets the instructions attribute of the ParameterInjection object
+ *
+ * @return The instructions value
+ */
+ public String getInstructions(WebSession s)
+ {
+ String instructions = "";
+
+ if (!getLessonTracker(s).getCompleted())
+ {
+ String stage = getStage(s);
+ if (STAGE1.equals(stage))
+ {
+ instructions = "Use String SQL Injection to bypass authentication. " + "The goal here is to login as the user " + PRIZE_EMPLOYEE_NAME + ", who is in the Admin group. " + "You do not have the password, but the form is SQL injectable.";
+ }
+ else if (STAGE2.equals(stage))
+ {
+ instructions = "Use bind variables.
" + "Update the stored procedure in the database to use bind variables, rather than string concatenation";
+ }
+ }
+
+ return instructions;
+ }
+
+ public void handleRequest(WebSession s)
+ {
+ if (s.getLessonSession(this) == null)
+ s.openLessonSession(this);
+
+ String requestedActionName = null;
+ try
+ {
+ requestedActionName = s.getParser().getStringParameter("action");
+ }
+ catch (ParameterNotFoundException pnfe)
+ {
+ // Let them eat login page.
+ requestedActionName = LOGIN_ACTION;
+ }
+
+ if (requestedActionName != null)
+ {
+ try
+ {
+ LessonAction action = getAction(requestedActionName);
+ if (action != null)
+ {
+ //System.out.println("CrossSiteScripting.handleRequest() dispatching to: " + action.getActionName());
+ if (!action.requiresAuthentication()
+ || action.isAuthenticated(s))
+ {
+ action.handleRequest(s);
+ //setCurrentAction(s, action.getNextPage(s));
+ }
+ }
+ else
+ setCurrentAction(s, ERROR_ACTION);
+ }
+ catch (ParameterNotFoundException pnfe)
+ {
+ System.out.println("Missing parameter");
+ pnfe.printStackTrace();
+ setCurrentAction(s, ERROR_ACTION);
+ }
+ catch (ValidationException ve)
+ {
+ System.out.println("Validation failed");
+ ve.printStackTrace();
+ setCurrentAction(s, ERROR_ACTION);
+ }
+ catch (UnauthenticatedException ue)
+ {
+ s.setMessage("Login failed");
+ System.out.println("Authentication failure");
+ ue.printStackTrace();
+ }
+ catch (UnauthorizedException ue2)
+ {
+ s.setMessage("You are not authorized to perform this function");
+ System.out.println("Authorization failure");
+ ue2.printStackTrace();
+ }
+ catch (Exception e)
+ {
+ // All other errors send the user to the generic error page
+ System.out.println("handleRequest() error");
+ e.printStackTrace();
+ setCurrentAction(s, ERROR_ACTION);
+ }
+ }
+
+ // All this does for this lesson is ensure that a non-null content exists.
+ setContent(new ElementContainer());
+ }
+
+ protected Integer getDefaultRanking()
+ {
+ return DEFAULT_RANKING;
+ }
+
+
+ /**
+ * Gets the title attribute of the CrossSiteScripting object
+ *
+ * @return The title value
+ */
+ public String getTitle()
+ {
+ return "LAB: DB SQL Injection";
+ }
+
+ @Override
+ protected boolean getDefaultHidden() {
+ return ! getWebgoatContext().getDatabaseDriver().contains("oracle");
+ }
+
+
+}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
new file mode 100755
index 000000000..aba2472c9
--- /dev/null
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/DBSQLInjection/Login.java
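Review bot: `getDefaultHidden()` dereferences `getWebgoatContext().getDatabaseDriver()` with no null check, so a context whose driver string is unset would throw while the lesson list is being built instead of just hiding this Oracle-only lesson; `String driver = getWebgoatContext().getDatabaseDriver(); return driver == null || !driver.contains("oracle");` keeps the intended default. Whether that property can actually be null is not visible from this hunk, so treat it as a defensive guard. In handleRequest, the `UnauthenticatedException` and `UnauthorizedException` branches set a message but, unlike the other catch blocks, do not route to `ERROR_ACTION`, and the silent no-op when `requiresAuthentication()` is true but `isAuthenticated(s)` is false leaves the previously rendered page in place with no message at all; a one-line `s.setMessage("Login required");` in that else path would make the lesson behave consistently.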
@@ -0,0 +1,240 @@
+package org.owasp.webgoat.lessons.DBSQLInjection;
+
+import java.sql.CallableStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.List;
+import java.util.Vector;
+
+import org.owasp.webgoat.lessons.GoatHillsFinancial.DefaultLessonAction;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
+import org.owasp.webgoat.lessons.GoatHillsFinancial.LessonAction;
+import org.owasp.webgoat.session.EmployeeStub;
+import org.owasp.webgoat.session.ParameterNotFoundException;
+import org.owasp.webgoat.session.UnauthenticatedException;
+import org.owasp.webgoat.session.UnauthorizedException;
+import org.owasp.webgoat.session.ValidationException;
+import org.owasp.webgoat.session.WebSession;
+
+/*******************************************************************************
+ *
+ *
+ * This file is part of WebGoat, an Open Web Application Security Project
+ * utility. For details, please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 2007 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at code.google.com, a repository
+ * for free software projects.
+ *
+ * For details, please see http://code.google.com/p/webgoat/
+ */
+public class Login extends DefaultLessonAction
+{
+
+ private LessonAction chainedAction;
+
+
+ public Login(GoatHillsFinancial lesson, String lessonName, String actionName,
+ LessonAction chainedAction)
+ {
+ super(lesson, lessonName, actionName);
+ this.chainedAction = chainedAction;
+ }
+
+
+ public void handleRequest(WebSession s) throws ParameterNotFoundException,
+ ValidationException
+ {
+ //System.out.println("Login.handleRequest()");
+ getLesson().setCurrentAction(s, getActionName());
+
+ List employees = getAllEmployees(s);
+ setSessionAttribute(s, getLessonName() + "."
+ + DBSQLInjection.STAFF_ATTRIBUTE_KEY, employees);
+
+ String employeeId = null;
+ try
+ {
+ employeeId = s.getParser().getStringParameter(
+ DBSQLInjection.EMPLOYEE_ID);
+ String password = s.getParser().getRawParameter(
+ DBSQLInjection.PASSWORD);
+
+ // Attempt authentication
+ boolean authenticated = login(s, employeeId, password);
+
+ if (authenticated)
+ {
+ // Execute the chained Action if authentication succeeded.
+ try
+ {
+ chainedAction.handleRequest(s);
+ }
+ catch (UnauthenticatedException ue1)
+ {
+ System.out.println("Internal server error");
+ ue1.printStackTrace();
+ }
+ catch (UnauthorizedException ue2)
+ {
+ System.out.println("Internal server error");
+ ue2.printStackTrace();
+ }
+ }
+ else
+ s.setMessage("Login failed");
+
+ }
+ catch (ParameterNotFoundException pnfe)
+ {
+ // No credentials offered, so we log them out
+ setSessionAttribute(s, getLessonName() + ".isAuthenticated",
+ Boolean.FALSE);
+ }
+ }
+
+
+ public String getNextPage(WebSession s)
+ {
+ String nextPage = DBSQLInjection.LOGIN_ACTION;
+
+ if (isAuthenticated(s))
+ nextPage = chainedAction.getNextPage(s);
+
+ return nextPage;
+
+ }
+
+
+ public boolean requiresAuthentication()
+ {
+ return false;
+ }
+
+
+ public boolean login(WebSession s, String userId, String password)
+ {
+ System.out.println("Using \"" + password + "\"");
+ boolean authenticated = false;
+
+ try
+ {
+ String call = "{ CALL EMPLOYEE_LOGIN(?,?) }";
+ try
+ {
+ CallableStatement statement = WebSession.getConnection(s)
+ .prepareCall(call, ResultSet.TYPE_SCROLL_INSENSITIVE,
+ ResultSet.CONCUR_READ_ONLY);
+ statement.setInt(1, Integer.parseInt(userId));
+ statement.setString(2, password);
+ // if this executes successfully, we are authenticated
+ statement.execute();
+
+ setSessionAttribute(s,
+ getLessonName() + ".isAuthenticated", Boolean.TRUE);
+ setSessionAttribute(s, getLessonName() + "."
+ + DBSQLInjection.USER_ID, userId);
+ authenticated = true;
+ if (DBSQLInjection.STAGE1.equals(getStage(s)) &&
+ DBSQLInjection.PRIZE_EMPLOYEE_ID == Integer.parseInt(userId))
+ {
+ setStageComplete(s, DBSQLInjection.STAGE1);
+ s.setMessage("Congratulations, you have completed " + DBSQLInjection.STAGE1);
+ }
+ }
+ catch (SQLException sqle)
+ {
+ s.setMessage("Error logging in: " + sqle.getLocalizedMessage());
+ sqle.printStackTrace();
+ if (DBSQLInjection.STAGE2.equals(getStage(s)))
+ {
+ try
+ {
+ String call2 = "{ CALL EMPLOYEE_LOGIN_BACKUP(?,?) }";
+ CallableStatement statement = WebSession.getConnection(s)
+ .prepareCall(call2, ResultSet.TYPE_SCROLL_INSENSITIVE,
+ ResultSet.CONCUR_READ_ONLY);
+ statement.setInt(1, Integer.parseInt(userId));
+ statement.setString(2, password);
+ statement.execute();
+ setStageComplete(s, DBSQLInjection.STAGE2);
+ s.setMessage("Congratulations, you have completed " + DBSQLInjection.STAGE2);
+ }
+ catch (SQLException sqle2){}
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ s.setMessage("Error logging in: " + e.getLocalizedMessage());
+ e.printStackTrace();
+ }
+
+ //System.out.println("Lesson login result: " + authenticated);
+ return authenticated;
+ }
+
+ public List getAllEmployees(WebSession s)
+ {
+ List employees = new Vector();
+
+ // Query the database for all roles the given employee belongs to
+ // Query the database for all employees "owned" by these roles
+
+ try
+ {
+ String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles " + "where employee.userid=roles.userid";
+
+ try
+ {
+ Statement answer_statement = WebSession.getConnection(s)
+ .createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
+ ResultSet.CONCUR_READ_ONLY);
+ ResultSet answer_results = answer_statement.executeQuery(query);
+ answer_results.beforeFirst();
+ while (answer_results.next())
+ {
+ int employeeId = answer_results.getInt("userid");
+ String firstName = answer_results.getString("first_name");
+ String lastName =
answer_results.getString("last_name");
+ String role = answer_results.getString("role");
+ EmployeeStub stub = new EmployeeStub(employeeId, firstName,
+ lastName, role);
+ employees.add(stub);
+ }
+ }
+ catch (SQLException sqle)
+ {
+ s.setMessage("Error getting employees");
+ sqle.printStackTrace();
+ }
+ }
+ catch (Exception e)
+ {
+ s.setMessage("Error getting employees");
+ e.printStackTrace();
+ }
+
+ return employees;
+ }
+
+}
diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java
new file mode 100755
index 000000000..feaca5c63
--- /dev/null
+++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBSQLInjection/Login_i.java
@@ -0,0 +1,29 @@
+package org.owasp.webgoat.lessons.instructor.DBSQLInjection;
+
+/*
+ * The solution is to choose Neville's userid, and enter a password like:
+ * ' OR userid=112 OR password='
+ * Modify the Stored procedure LOGIN_EMPLOYEE to use fixed statements or bind variables
+ *
+ *
+CREATE OR REPLACE PROCEDURE EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS
+ v_userid NUMBER;
+BEGIN
+ SELECT USERID INTO v_userid FROM EMPLOYEE
+ WHERE USERID = v_id
+ AND PASSWORD = v_password;
+END;
+/
+
+* OR
+
+CREATE OR REPLACE PROCEDURE EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS
+ stmt VARCHAR(32767);
+ v_userid NUMBER;
+BEGIN
+ stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = :1 AND PASSWORD = :2';
+ EXECUTE IMMEDIATE stmt INTO v_userid USING v_id, v_password;
+END;
+/
+
+*/
diff --git a/ webgoat/main/project/WebContent/WEB-INF/lib/ojdbc14.jar b/ webgoat/main/project/WebContent/WEB-INF/lib/ojdbc14.jar
new file mode 100755
index 000000000..0aa1b519e
Binary files /dev/null and b/ webgoat/main/project/WebContent/WEB-INF/lib/ojdbc14.jar differ
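Review bot: `System.out.println("Using \"" + password + "\"");` at the top of login() writes every submitted password to the server log in clear text, a credential leak even in a training app since the same log also holds the stack trace of each failed attempt; drop the line or log only `userId`. The CallableStatement in login(), the second CallableStatement in the Stage 2 fallback, and the Statement/ResultSet in getAllEmployees() are never closed, so every login attempt and staff listing leaks a cursor on the shared connection until it is garbage-collected. The `catch (SQLException sqle2){}` swallows the backup failure silently, and because the fallback fires on any SQLException from EMPLOYEE_LOGIN, a student who drops or breaks that procedure rather than fixing it would still be awarded Stage 2 as long as EMPLOYEE_LOGIN_BACKUP accepts the injected password; checking the error code for NO_DATA_FOUND before falling back would tighten that. The fence shows login() with the log line removed and the primary statement released in a finally block; the same pattern applies to the other two statements.

```java
public boolean login(WebSession s, String userId, String password)
{
    // Do not echo the submitted credential to the server log.
    boolean authenticated = false;
    CallableStatement statement = null;

    try
    {
        String call = "{ CALL EMPLOYEE_LOGIN(?,?) }";
        try
        {
            statement = WebSession.getConnection(s)
                    .prepareCall(call, ResultSet.TYPE_SCROLL_INSENSITIVE,
                            ResultSet.CONCUR_READ_ONLY);
            statement.setInt(1, Integer.parseInt(userId));
            statement.setString(2, password);
            // if this executes successfully, we are authenticated
            statement.execute();
            // … unchanged: session attributes, authenticated = true, Stage 1 completion …
        }
        catch (SQLException sqle)
        {
            // … unchanged: error message and Stage 2 fallback (close that statement too) …
        }
        finally
        {
            // Release the cursor whether or not the call succeeded.
            if (statement != null)
            {
                try { statement.close(); } catch (SQLException ignored) { /* nothing further to report */ }
            }
        }
    }
    // … unchanged: catch (Exception e) and return authenticated …
}
```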
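Review bot: The solution comment names the procedure `LOGIN_EMPLOYEE`, but the CALL string in Login.java and both CREATE OR REPLACE blocks directly below use `EMPLOYEE_LOGIN`; the line should read `* Modify the Stored procedure EMPLOYEE_LOGIN to use fixed statements or bind variables`. It would also help instructors to add a sentence noting that, as Login.login() is written, Stage 2 is only credited when the rewritten EMPLOYEE_LOGIN raises for the injected password while EMPLOYEE_LOGIN_BACKUP still accepts it, so the backup procedure must be left in its original vulnerable form.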
diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.css b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.css
new file mode 100755
index 000000000..b0b84331b
--- /dev/null
+++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.css
@@ -0,0 +1,14 @@
+#lesson_wrapper {height: 435px;width: 500px;}
+#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}
+.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}
+.lesson_text {height: 240px;width: 460px;padding-top: 5px;}
+#lesson_buttons_bottom {height: 20px;width: 460px;}
+#lesson_b_b_left {width: 300px;float: left;}
+#lesson_b_b_right input {width: 100px;float: right;}
+.lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}
+.lesson_workspace { }
+.lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}
+.lesson_text_db {color: #0066FF}
+#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
+#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}
+#lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}
diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.jsp b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.jsp
new file mode 100755
index 000000000..7bf2fc250
--- /dev/null
+++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/DBSQLInjection.jsp
@@ -0,0 +1,26 @@
+<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
+ import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection"
+ errorPage="" %>
+
+<%
+WebSession webSession = ((WebSession)session.getAttribute("websession"));
+DBSQLInjection currentLesson = (DBSQLInjection) webSession.getCurrentLesson();
+%>
+
+
+
+ <% + String subViewPage = currentLesson.getPage(webSession); + if (subViewPage != null) + { + //System.out.println("Including sub view page: " + subViewPage); + %> + + <% + } + %> + +
+
\ No newline at end of file diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/EditProfile.jsp b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/EditProfile.jsp new file mode 100755 index 000000000..d27c51ebe --- /dev/null +++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/EditProfile.jsp @@ -0,0 +1,133 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" + errorPage="" %> +<% + WebSession webSession = ((WebSession)session.getAttribute("websession")); + Employee employee = (Employee) session.getAttribute("DBDBSQLInjection.Employee"); +%> +
Welcome Back <%=webSession.getUserNameInLesson()%>
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ First Name: + + + + Last Name: + + +
+ Street: + + + + City/State: + + +
+ Phone: + + + + Start Date: + + +
+ SSN: + + + + Salary: + + +
+ Credit Card: + + + + Credit Card Limit: + + +
+ Comments: + + + + Manager: + + +
+ Disciplinary Explanation: + + + + Disciplinary Action Dates: + + +
+
+
+ + + + + + + + +
+ + + + + + + +
+
+
\ No newline at end of file diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp new file mode 100755 index 000000000..257b4f726 --- /dev/null +++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/ListStaff.jsp @@ -0,0 +1,55 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" + errorPage="" %> +<% + WebSession webSession = ((WebSession)session.getAttribute("websession")); + int myUserId = webSession.getUserIdInLesson(); +%> +
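Review bot: The session key on the `Employee employee = (Employee) session.getAttribute("DBDBSQLInjection.Employee");` line looks wrong: the lesson prefix is doubled ("DBDB") and the key is a hard-coded literal, whereas ViewProfile.jsp in this same commit reads `"DBSQLInjection." + DBSQLInjection.EMPLOYEE_ATTRIBUTE_KEY`. Unless some action stores the employee under that exact doubled name, `employee` will be null and the form fields (stripped from this hunk, so this is inferred) will throw on render, and with `errorPage=""` the user gets the container's stack-trace page. Using `session.getAttribute("DBSQLInjection." + DBSQLInjection.EMPLOYEE_ATTRIBUTE_KEY)` keeps the two pages consistent; a null check before the form would also keep the create-profile path from blowing up if no employee is in session.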
Welcome Back <%=webSession.getUserNameInLesson()%> - Staff Listing Page
+
+
+
+

Select from the list below

+ +
+ + + + + +
+
+
+ <% + if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.CREATEPROFILE_ACTION)) + { + %> +
+ <% + } + %> + <% + if (webSession.isAuthorizedInLesson(myUserId, DBSQLInjection.DELETEPROFILE_ACTION)) + { + %> +
+ <% + } + %> +
+ +
+ +
+ diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/Login.jsp b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/Login.jsp new file mode 100755 index 000000000..c5b8711a8 --- /dev/null +++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/Login.jsp @@ -0,0 +1,37 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="java.util.*, org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" + errorPage="" %> +
+
+ <% + WebSession webSession = ((WebSession)session.getAttribute("websession")); + %> +
+ +
+ +
+ +
+
+
\ No newline at end of file diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/SearchStaff.jsp b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/SearchStaff.jsp new file mode 100755 index 000000000..a2a24fb7d --- /dev/null +++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/SearchStaff.jsp @@ -0,0 +1,22 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" + errorPage="" %> + \ No newline at end of file diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/ViewProfile.jsp b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/ViewProfile.jsp new file mode 100755 index 000000000..e444fa3dd --- /dev/null +++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/ViewProfile.jsp @@ -0,0 +1,154 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.DBSQLInjection.DBSQLInjection" + errorPage="" %> +<% + WebSession webSession = ((WebSession)session.getAttribute("websession")); + Employee employee = (Employee) session.getAttribute("DBSQLInjection." + DBSQLInjection.EMPLOYEE_ATTRIBUTE_KEY); +// int myUserId = getIntSessionAttribute(webSession, "DBSQLInjection." + DBSQLInjection.USER_ID); +%> +
Welcome Back <%=webSession.getUserNameInLesson()%>
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ First Name: + + <%=employee.getFirstName()%> + + Last Name: + + <%=employee.getLastName()%> +
+ Street: + + <%=employee.getAddress1()%> + + City/State: + + <%=employee.getAddress2()%> +
+ Phone: + + <%=employee.getPhoneNumber()%> + + Start Date: + + <%=employee.getStartDate()%> +
+ SSN: + + <%=employee.getSsn()%> + + Salary: + + <%=employee.getSalary()%> +
+ Credit Card: + + <%=employee.getCcn()%> + + Credit Card Limit: + + <%=employee.getCcnLimit()%> +
+ Comments: + + <%=employee.getPersonalDescription()%> + + Manager: + + <%=employee.getManager()%> +
+ Disciplinary Explanation: + + <%=employee.getDisciplinaryActionNotes()%> + + Disciplinary Action Dates: + + <%=employee.getDisciplinaryActionDate()%> +
+
+
+ + + + + + + + +
+ <% + if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.LISTSTAFF_ACTION)) + { + %> +
+ + +
+ <% + } + %> +
+ <% + if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.EDITPROFILE_ACTION)) + { + %> +
+ + +
+ <% + } + %> +
+ <% + if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), DBSQLInjection.DELETEPROFILE_ACTION)) + { + %> +
+ + +
+ <% + } + %> +
  +
+ +
+
+
\ No newline at end of file diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/error.jsp b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/error.jsp new file mode 100755 index 000000000..5af0a45dc --- /dev/null +++ b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/error.jsp @@ -0,0 +1,3 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + errorPage="" %> +
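Review bot: `employee` is read from the session on the `Employee employee = (Employee) session.getAttribute(...)` line and dereferenced on every row with no null check, so a request that reaches this view without a loaded profile throws a NullPointerException and, because the directive sets `errorPage=""`, the container's default error page with stack trace is what the user sees; a guard such as `if (employee == null) { out.println("No profile selected."); return; }` before the table avoids that. Every field, including personalDescription and disciplinaryActionNotes which are presumably free text entered through EditProfile, is emitted with `<%= %>` and no HTML encoding, so a value stored with markup is reflected as a stored XSS on this page; unless that is deliberately part of this SQL-injection lesson, the outputs should go through an HTML escaping helper. The `Welcome Back <%=webSession.getUserNameInLesson()%>` header has the same unencoded-output pattern.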


An error has occurred. diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg new file mode 100755 index 000000000..39e1ed80d Binary files /dev/null and b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg differ diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_header.jpg b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_header.jpg new file mode 100755 index 000000000..60a809af0 Binary files /dev/null and b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_header.jpg differ diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg new file mode 100755 index 000000000..c91f8a052 Binary files /dev/null and b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_loginWindow.jpg differ diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_menu.jpg b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_menu.jpg new file mode 100755 index 000000000..2c9512571 Binary files /dev/null and b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_menu.jpg differ diff --git a/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_workspace.jpg b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_workspace.jpg new file mode 100755 index 000000000..292d25654 Binary files /dev/null and b/ webgoat/main/project/WebContent/lessons/DBSQLInjection/images/lesson1_workspace.jpg differ