<%@ page contentType="text/html; charset=ISO-8859-1" language="java" import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection" errorPage="" %> <% WebSession webSession = ((WebSession)session.getAttribute("websession")); Employee employee = (Employee) session.getAttribute("SQLInjection." + SQLInjection.EMPLOYEE_ATTRIBUTE_KEY); // int myUserId = getIntSessionAttribute(webSession, "SQLInjection." + SQLInjection.USER_ID); %>
Welcome Back <%=webSession.getUserNameInLesson()%>
First Name: <%=employee.getFirstName()%> Last Name: <%=employee.getLastName()%>
Street: <%=employee.getAddress1()%> City/State: <%=employee.getAddress2()%>
Phone: <%=employee.getPhoneNumber()%> Start Date: <%=employee.getStartDate()%>
SSN: <%=employee.getSsn()%> Salary: <%=employee.getSalary()%>
Credit Card: <%=employee.getCcn()%> Credit Card Limit: <%=employee.getCcnLimit()%>
Comments: <%=employee.getPersonalDescription()%> Manager: <%=employee.getManager()%>
Disciplinary Explanation: <%=employee.getDisciplinaryActionNotes()%> Disciplinary Action Dates: <%=employee.getDisciplinaryActionDate()%>
<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION)) { %>
<% } %> 		<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION)) { %>
<% } %> 		<% if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION)) { %>
<% } %>