dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,467 Commits 11 Branches 78 Tags
a2e275ef1ee3c27fa677995e5501389c1bbaecc1
Commit Graph

181 Commits

Author SHA1 Message Date
NatasG
00c4be63f0 Fix sql injection line comments issue. (#925) 2021-01-19 10:47:04 +01:00
Kelly Marchewa
2e581d6bdb docs: update SQLi lesson text (#928) 
- corrected typos/grammar issues
  - restructured sentences for clarity
 2021-01-19 10:29:16 +01:00
Gabriel M. Schuyler
b1495a8cd5 Fix typo (#909) 2020-12-03 14:23:23 +01:00
René Zubcevic
574039902d changed version to snapshot version and introduced revision parameter 
for it
 2020-11-27 12:15:19 +01:00
Eskil Andréen
74cca6d185 Add missing trailing double quote in sql query (#897) 2020-11-19 07:45:07 +01:00
Nanne Baars
7b8523dcab #839: fix the SQL statement as this one does not express that the orderBy clause input is user input 2020-11-04 20:35:05 +01:00
Nanne Baars
641d75e734 Link to the original lesson for the goal 2020-10-20 22:09:49 +02:00
René Zubcevic
317573c897 Small fixes june 2020 (#857) 
* issue 849

* another integration test for a challenge

* fixing issue 848

* updated link for issue 833

* fix for 847
 2020-07-08 19:26:09 +02:00
Nanne Baars
39740e069e New release 2020-05-22 14:10:31 +02:00
Nanne Baars
1aad57ba55 Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Nanne Baars
54610868fe Fix the syntax differences between HSQL and Postgres 2020-04-27 11:45:41 +02:00
Satoshi SAKAO
d7ae3a4391 fix typo 2020-04-27 10:44:39 +02:00
Satoshi SAKAO
608728b135 fix asciidoc italic format 2020-04-27 10:44:39 +02:00
René Zubcevic
88eb4d7b26 ace editor added without all the nonsense around it 2020-04-26 16:45:56 +02:00
René Zubcevic
6f532683a1 lessonplan character updates so it also works on Windows Cp125 2020-04-20 12:54:18 +02:00
Nanne Baars
96412da04e Remove unused imports and parameters 2020-04-19 15:42:50 +02:00
Nanne Baars
3b7481c2a7 Update method signature 2020-04-19 15:42:50 +02:00
Nanne Baars
407e19638f Add two more assignments for SQL injection where only filtering is applied. 2020-04-19 15:42:50 +02:00
Nanne Baars
6c25cf8e43 Add path traversal lesson 2020-03-10 08:03:48 +01:00
René Zubcevic
4e371b63d0 suppressing some useless log messages and banners in unit tests (#752) 
* suppressing some useless log messages and banners in unit tests

* some more log suppressed
 2020-01-25 12:11:45 +01:00
Nanne Baars
5dd6b31905 Adjust lesson template (#704) 
* Remove method `getId()` from all lessons as it defaults to the class name

* remove clean up endpoint

* remove unused class `RequestParameter`

* remove unused class `PluginLoadingFailure`

* Move `CourseConfiguration` to lesson package

* Add more content around the lesson template lesson and make it visible as a lesson in WebGoat

* Remove explicit invocation `trackProgress()` inside WebGoat framework so assignments only need to return an `AttackResult`

* Put original solution back as well for SQL string injection

* review comments

* Add
 2019-11-17 13:39:56 +01:00
Nanne Baars
f40b6ffd31 Moving back to snapshot 2019-11-13 12:27:26 +01:00
Nanne Baars
fe2ac1b8d4 New release, updating pom.xml 2019-11-12 09:22:45 +01:00
Nanne Baars
e07a2aff48 Fix mistake the SQL exception should be throws otherwise users cannot see the table name (servers) makes it impossible to 
solve the assignment. Add explicit test for this to guard against future mistakes
 2019-11-11 21:17:51 +01:00
Nanne Baars
7d48427d4f Integrate ZAP 2.8.0 (no HUB) as the setup is different also update the filtering as usual ZAP exclusion is again broken 2019-11-11 21:17:51 +01:00
Cotonne
8da4342430 Improve readability of query (#685) 
thanks! and do not forget to clean your .webgoat... local db related files
 2019-11-04 13:28:35 +01:00
Nanne Baars
1a83e2825e Code style (#696) 
* Remove Guava dependency from WebGoat

* Add Checkstyle to the project with very basic standards so we have a
style across lessons. It does not interfere with basic Intellij formatting
 2019-11-03 18:11:09 +01:00
Nanne Baars
25dae3a4a8 Fix merge request 2019-10-30 08:28:14 +01:00
Nanne Baars
e783c0c1f1 SQL: Cannot use apostrophe/quotes on string literals #662 2019-10-30 08:28:14 +01:00
Nanne Baars
96d11697d4 SQL Injection lesson 6 minor mistakes in examples #663 2019-10-30 08:28:14 +01:00
Nanne Baars
a0933d83d5 Reworked all the SQL statements to be uppercase 2019-10-30 08:28:14 +01:00
René Zubcevic
e0ac4a1083 lessons in correct order and scoreboard visible again (#680) 2019-10-10 09:45:43 +02:00
Choe Hyeong Jin
b481ed70e8 Fix typo in SQL Injection(Introduction) (#675) 
Fix typo `date` to `data` which seems more appropriate in context.
 2019-10-03 10:01:35 +02:00
Nanne Baars
dad9c75ee0 Fix tests after updating from develop, changes applied for migrating to Spring Boot 2 2019-09-23 17:35:04 +02:00
Nanne Baars
35c1305ce9 Merge conflicts resolved 2019-09-23 07:34:27 +02:00
Nanne Baars
e8d086ac9b All successful 2019-09-20 07:59:04 +02:00
Nanne Baars
82ad0a7cc7 Finally working 2019-09-18 17:53:43 +02:00
Nanne Baars
5e6f825e64 WIP 2019-09-13 16:42:13 +02:00
René Zubcevic
fb2e11fe11 fix for complete progress of sql mitigations and integration test 2019-09-10 13:58:58 +02:00
Nanne Baars
f7c8a271aa Fixed small typos 2019-09-09 13:55:24 +02:00
Nanne Baars
7a4f6e6fd3 Merge branch 'JeffreyWagnerBHN-develop' into develop 2019-09-09 13:54:38 +02:00
ephemeralwaves
aec051a9f1 Fixed minor spelling mistake 2019-09-09 13:41:38 +02:00
Jeffrey Wagner
75a174ff7b Fixed description and grammer 2019-09-06 21:12:55 -04:00
René Zubcevic
924a53c22a fixed sql adv 5 progress and added prove in integration test 2019-08-22 17:44:34 +02:00
Rene Zubcevic
7ad3996f2f fix 6a6b page 2019-07-22 15:36:31 +02:00
Rene Zubcevic
b65644edee progress fix for SqlInjectionMitigations 2019-07-22 12:16:18 +02:00
René Zubcevic
7d0a63ac95 small html changes to improve progress 2019-07-20 09:34:27 +02:00
Rene Zubcevic
656fa40182 style sheet and advanced sql 2019-07-19 16:49:30 +02:00
Rene Zubcevic
99435a1073 increased sql form fields and fixed chrome progress 2019-07-19 12:16:06 +02:00
Nanne Baars
98537426f2 SNAPSHOT version 2019-05-03 11:15:11 +02:00