Implemented better lesson description, hints and feedback

Tobias-Melzer
2019-01-14 19:00:44 +01:00
committed by Nanne Baars
parent cec60447c4
commit d27577c1c4
7 changed files with 51 additions and 35 deletions

@ -30,7 +30,7 @@ sql-injection.5b.success=<span class='feedback-positive'>You have succeed: {0}</
sql-injection.5b.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack.
SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. The Output should tell you if this field is injectable.
SqlStringInjectionHint5b2=Insert: <span style="font-style: italic">0 or 1 = 1</span> into the first input field. The Output should tell you if this field is injectable.
SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection.
SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.
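Review bot: The replacement SqlStringInjectionHint5b2 line does its emphasis with an inline style attribute (`<span style="font-style: italic">`), while the feedback strings in this same file use classes (`class='feedback-positive'`, `class='feedback-negative'`). A shared class or a plain `<em>` would keep presentation out of the properties file and avoid repeating the attribute in every hint. The change also relies on hint text being rendered as unescaped HTML, so please confirm the hint output does that; otherwise the tags will be shown literally. Minor wording while this line is being touched: "The Output" should be lower-case, and "You have succeed" in the surrounding context reads as a typo for "You have succeeded".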
@ -39,9 +39,11 @@ sql-injection.6a.no.results=<span class='feedback-negative'>No results matched.
sql-injection.advanced.6a.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.advanced.6a.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
SqlStringInjectionHint-advanced-6a-1=Try Appending a new SQL Statement to the Query.
SqlStringInjectionHint-advanced-6a-2=The new SQL Statement can be really simple like: SELECT ... FROM ...
SqlStringInjectionHint-advanced-6a-3=Your new SQL Query should start, with a " ; " and end with " -- "
SqlStringInjectionHint-advanced-6a-1=Remember, that when using a Union, Each SELECT statement within UNION must have the same number of columns.
SqlStringInjectionHint-advanced-6a-2=The Datatype of a column in the first SELECT statement must have a similar datatype to that in the second SELECT statement.
SqlStringInjectionHint-advanced-6a-3=Your new SQL Query must end with a comment. eg: --
SqlStringInjectionHint-advanced-6a-4=If a column needs a String you could substitute something like <span style="font-style: italic">'a String'</span> for it. For an integer you could substitute a <span style="font-style: italic">1</span>.
SqlStringInjectionHint-advanced-6a-5=Try something like: <span style="font-style: italic">Smith' UNION SELECT userid,user_name, password, 'a', 'b', 'c', 1 from user_system_data --</span>
sql-injection.6b.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.6b.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
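Review bot: The rewritten SqlStringInjectionHint-advanced-6a-1 to 6a-5 only describe the UNION route, while the hints they replace described appending a second statement with " ; ". If the lesson still accepts the appended-statement route, keep one hint for it so learners on that path are not left without guidance. SqlStringInjectionHint-advanced-6a-5 spells out the complete input, including the table name user_system_data, which works as a last hint only if hints are always revealed in order; worth stating that ordering in the lesson documentation. Wording: in 6a-1, "Remember, that when using a Union, Each SELECT" has a stray comma and a stray capital; in 6a-2, "must have a similar datatype to that in" would read better as "must match the datatype of the corresponding column in"; in 6a-3, "eg:" should be "e.g.". The inline `style="font-style: italic"` span is repeated three times in this hunk and would be better as a class or `<em>`.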