dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added a little more info to assignments 11-13 of sql-introduction

Browse Source
This commit is contained in:
Benedikt - Desktop 2019-01-22 11:20:40 +01:00 committed by Nanne Baars
parent e8caeedf53
commit df49fcdb39
4 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
webgoat-lessons/sql-injection/src/main/resources/html/SqlInjection.html
View File

@ -285,7 +285,7 @@
<table> <table>
<tr> <tr>
<td><label>Action contains:</label></td> <td><label>Action contains:</label></td>
<td><input name="action_string" value="" type="TEXT"/></td> <td><input name="action_string" value="" type="TEXT" placeholder="Enter search string"/></td>
</tr> </tr>
<tr> <tr>
<td><button type="SUBMIT">Search logs</button></td> <td><button type="SUBMIT">Search logs</button></td>

2
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content10.adoc
View File

@ -10,4 +10,4 @@ Another way to compromise availability would be to per example revoke access-rig
Now you are the top earner in your company. Now you are the top earner in your company.
But do you see that? But do you see that?
There seems to be a *access_log* table, where all your actions have been logged to! + There seems to be a *access_log* table, where all your actions have been logged to! +
Better go and _delete it_ quickly before anyone notices. Better go and _delete it_ completely before anyone notices.

2
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content8.adoc
View File

@ -11,7 +11,7 @@ If the input takes a string and that one gets inserted into the query as a strin
You could per example end the string parameter with it and input your own SQL after that. You could per example end the string parameter with it and input your own SQL after that.
=== It's your turn! === It's your turn!
You are an employee named *John Smith* working for a big company. You are an employee named John *Smith* working for a big company.
The company has an internal system that allows all employees to see their own internal data, like the department they work in and their salary. The company has an internal system that allows all employees to see their own internal data, like the department they work in and their salary.
The system requires the employees to use a unique _authentication TAN_ to view their data. + The system requires the employees to use a unique _authentication TAN_ to view their data. +

3
webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content9.adoc
View File

@ -11,3 +11,6 @@ You can do this by using the *;* metacharacter which marks the end of a query an
You just found out that Tobi and Bob both seem to earn more money than you! You just found out that Tobi and Bob both seem to earn more money than you!
Of course you cannot leave it at that. + Of course you cannot leave it at that. +
Better go and _change your own salary so you're earning the most!_ Better go and _change your own salary so you're earning the most!_
Remember: Your name is John *Smith* and your current TAN is *3SL99A*.