Implemented better lesson description, hints and feedback

2019-01-14 19:00:44 +01:00
parent cec60447c4
commit d27577c1c4
7 changed files with 51 additions and 35 deletions
--- a/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html
+++ b/webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html
@ -196,11 +196,11 @@
            <table>
                <tr>
                    <td>Login_Count:</td>
-                    <td><input name="login_count" value="" type="text"/></td>
+                    <td><input name="login_count" type="text" required="true"/></td>
                </tr>
                <tr>
                    <td>User_Id:</td>
-                    <td><input name="userid" value="" type="TEXT"/></td>
+                    <td><input name="userid" type="TEXT" required="true"/></td>
                </tr>
                <tr>
                    <td></td>
--- a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
+++ b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
@ -30,7 +30,7 @@ sql-injection.5b.success=<span class='feedback-positive'>You have succeed: {0}</
 sql-injection.5b.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>

 SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack.
-SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. The Output should tell you if this field is injectable.
+SqlStringInjectionHint5b2=Insert: <span style="font-style: italic">0 or 1 = 1</span> into the first input field. The Output should tell you if this field is injectable.
 SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection.
 SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.

@ -39,9 +39,11 @@ sql-injection.6a.no.results=<span class='feedback-negative'>No results matched.

 sql-injection.advanced.6a.success=<span class='feedback-positive'>You have succeed: {0}</span>
 sql-injection.advanced.6a.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
-SqlStringInjectionHint-advanced-6a-1=Try Appending a new SQL Statement to the Query.
-SqlStringInjectionHint-advanced-6a-2=The new SQL Statement can be really simple like: SELECT ... FROM ...
-SqlStringInjectionHint-advanced-6a-3=Your new SQL Query should start, with a " ; " and end with " -- "
+SqlStringInjectionHint-advanced-6a-1=Remember, that when using a Union, Each SELECT statement within UNION must have the same number of columns.
+SqlStringInjectionHint-advanced-6a-2=The Datatype of a column in the first SELECT statement must have a similar datatype to that in the second SELECT statement.
+SqlStringInjectionHint-advanced-6a-3=Your new SQL Query must end with a comment. eg: --
+SqlStringInjectionHint-advanced-6a-4=If a column needs a String you could substitute something like <span style="font-style: italic">'a String'</span> for it. For an integer you could substitute a <span style="font-style: italic">1</span>.
+SqlStringInjectionHint-advanced-6a-5=Try something like: <span style="font-style: italic">Smith' UNION SELECT userid,user_name, password, 'a', 'b', 'c', 1 from user_system_data --</span> 

 sql-injection.6b.success=<span class='feedback-positive'>You have succeed: {0}</span>
 sql-injection.6b.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6a.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6a.adoc
@ -1,8 +1,21 @@
 == Try It! Pulling data from other tables

-Lets try to exploit the fact that you can use a union to get the contents of another table.
+The input field below is used to get data from a user by their last name. +
+The table is called 'user_data':

-One of the tables in the WebGoat database is:
+-------------------------------------------------------
+CREATE TABLE user_data (userid int not null,
+                        first_name varchar(20),
+                        last_name varchar(20),
+                        cc_number varchar(30),
+                        cc_type varchar(10),
+                        cookie varchar(20),
+                        login_count int);
+-------------------------------------------------------
+
+Through experimentation you found that this field is susceptible to SQL Injection.
+Now you want to use that knowledge to get the contents of another table. +
+The table you want to pull data from is:

 -------------------------------------------------------
 CREATE TABLE user_system_data (userid int not null primary key,
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_order_by.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_order_by.adoc
@ -2,6 +2,4 @@ In this assignment try to perform an SQL injection through the ORDER BY field.
 Try to find the ip address of the `webgoat-prd` server, guessing the complete
 ip address might take too long so we give you the last part: `xxx.130.219.202`

-Tip: To complete this assignment a tool such as OWASP ZAP is required.
-
 Note: The submit field of this assignment is *NOT* vulnerable for an SQL injection.