From e114360a5f4a3c83ec0fc06d9920151fc73e1db0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=80ngel=20Oll=C3=A9=20Bl=C3=A1zquez?=
Date: Sat, 27 Mar 2021 19:49:53 +0100
Subject: [PATCH] Fix SQL Injection
---
 .../en/SqlInjection_introduction_content5_after.adoc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc
index 1959d7c00..d8aaf5ad3 100644
--- a/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc
+++ b/webgoat-lessons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_introduction_content5_after.adoc
@@ -2,9 +2,9 @@
 SQL injection can be used for far more than reading the data of a single of user. The following are just a few examples of data a hacker could input to a form field (or anywhere user input is accepted) in an attempt to exploit a SQL injection vulnerability:
-* `+Smith’ OR '1' = '1+` +
+* `+Smith' OR '1' = '1+` +
 results in `+SELECT * FROM users WHERE name = 'Smith' OR TRUE;+` which will return all entries from the users table
-* `+Smith’ OR 1 = 1; --+` +
+* `+Smith' OR 1 = 1; --+` +
 results in `+SELECT * FROM users WHERE name = 'Smith' OR TRUE;--';+` which, like the first example, will also return all entries from the users table
-* `+Smith’; DROP TABLE users; TRUNCATE audit_log; --+` +
+* `+Smith'; DROP TABLE users; TRUNCATE audit_log; --+` +
 chains multiple SQL-Commands in order to both DROP the users table and delete all entries from the audit_log table