dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removed ajax from assignment. Now using normal post-request.

Browse Source 
Made successmessages green and failure messages red for all sql-i messages
This commit is contained in:
Benedikt - Desktop
2018-11-23 17:00:02 +01:00
committed by Nanne Baars
parent 72ae0d503b
commit ea04d6ef35
5 changed files with 46 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
View File

@ -7,11 +7,10 @@ SqlInjectionChallenge1=Look at the different response you receive from the serve
SqlInjectionChallenge2=The vulnerability is on the register form
SqlInjectionChallenge3=Use tooling to automate this attack
sql-injection.error=<span class='feedback-negative'>Sorry, this solution is not correct. Try again!</span>
NoResultsMatched=<span class='feedback-negative'>No results matched. Try Again.</span>
NoResultsMatched=No results matched. Try Again.
sql-injection.2.success=You have succeeded!
sql-injection.2.failed=Something went wrong! You got no results, check your SQL Statement and the table above
sql-injection.2.success=<span class='feedback-positive'>You have succeeded!</span>
sql-injection.2.failed=<span class='feedback-negative'>Something went wrong! You got no results, check your SQL Statement and the table above.</span>
SqlStringInjectionHint2-1=You want the data from the column with the name department. You know the database name (employees) and you know the first- and lastname of the employee (first_name, last_name).
SqlStringInjectionHint2-2=SELECT column FROM tablename WHERE condition;
@ -24,28 +23,27 @@ SqlStringInjectionHint4-3=ALTER TABLE tablename ADD columnname data type(size);
SqlStringInjectionHint5-1=Look at the example. There's everything you'll need.
sql-injection.5a.success=You have succeeded: {0}
sql-injection.5a.no.results=No results matched. Try Again.
sql-injection.5b.success=You have succeeded: {0}
sql-injection.5b.no.results=No results matched. Try Again.
sql-injection.5a.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.5a.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
sql-injection.5b.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.5b.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
SqlStringInjectionHint5b1=Try to check which of the input fields is susceptible to an injection attack.
SqlStringInjectionHint5b2=Insert 0 or 1 = 1 into the first input field. Th Output should tell you if this field is injectable.
SqlStringInjectionHint5b3=The first Input field is not susceptible to sql injection.
SqlStringInjectionHint5b4=You don't need to insert any quotations into your injection-string.
sql-injection.6a.success=You have succeeded: {0}
sql-injection.6a.no.results=No results matched. Try Again.
sql-injection.6a.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.6a.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
sql-injection.advanced.6a.success=You have succeed: {0}
sql-injection.advanced.6a.no.results=No results matched. Try Again.
sql-injection.advanced.6a.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.advanced.6a.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
SqlStringInjectionHint-advanced-6a-1=Try Appending a new SQL Statement to the Query.
SqlStringInjectionHint-advanced-6a-2=The new SQL Statement can be really simple like: SELECT ... FROM ...
SqlStringInjectionHint-advanced-6a-3=Your new SQL Query should start, with a " ; " and end with " -- "
sql-injection.6b.success=You have succeeded: {0}
sql-injection.6b.no.results=No results matched. Try Again.
sql-injection.6b.success=<span class='feedback-positive'>You have succeed: {0}</span>
sql-injection.6b.no.results=<span class='feedback-negative'>No results matched. Try Again.</span>
sql-injection.8.success=<span class='feedback-positive'>You have succeeded! You successfully compromised the confidentiality of data by viewing internal information that you should not have access to. Well done!</span>
sql-injection.8.no.results=<span class='feedback-negative'>No employee found with matching lastname. Or maybe your authentication TAN is incorrect?</span>
@ -66,9 +64,9 @@ SqlStringInjectionHint.9.5=How about something like '; UPDATE employees....
sql-injection.10.success=<span class='feedback-positive'>Success! You successfully deleted the access_log table and that way compromised the availability of the data.</span>
sql-injection.10.entries=<span class='feedback-negative'>There's still evidence of what you did. Better remove the whole table.</span>
sql-injection.10b.success=Your code can prevent an SQL Injection! Success!
sql-injection.10b.failed=Something doesn't seem right with that code. Maybe you should look at an example how to prevent SQL Injections with JDBC?
sql-injection.10b.success=<span class='feedback-positive'>Your code can prevent an SQL Injection! Success!</span>
sql-injection.10b.failed=<span class='feedback-negative'>Something doesn't seem right with that code. Maybe you should look at an example how to prevent SQL Injections with JDBC?</span>
sql-injection.10b.no-code=<span class='feedback-negative'>You need to write some code.</span>
SqlStringInjectionHint.10.1=Use the techniques that you have learned before.
SqlStringInjectionHint.10.2=The application takes your input and filters for entries that are LIKE it.