dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
webgoat
main
project
JavaSource
WebContent
META-INF
WEB-INF
css
database
images
javascript
lesson_plans
AccessControlMatrix.html
BackDoors.html
BasicAuthentication.html
BlindSqlInjection.html
BufferOverflow.html
CSRF.html
ChallengeScreen.html
ClientSideFiltering.html
ClientSideValidation.html
CommandInjection.html
ConcurrencyCart.html
CrossSiteScripting.html
DBCrossSiteScripting.html
DBSQLInjection.html
DOMInjection.html
DOMXSS.html
DOS_Login.html
DangerousEval.html
Encoding.html
FailOpenAuthentication.html
ForcedBrowsing.html
ForgotPassword.html
HiddenFieldTampering.html
HtmlClues.html
HttpBasics.html
HttpOnly.html
HttpSplitting.html
JSONInjection.html
JavaScriptValidation.html
Lesson_Plan_Template.html
LogSpoofing.html
NewLesson.html
PathBasedAccessControl.html
ReflectedXSS.html
RemoteAdminFlaw.html
RoleBasedAccessControl.html
SameOriginPolicyProtection.html
SilentTransactions.html
SoapRequest.html
SqlNumericInjection.html
SqlStringInjection.html
StoredXss.html
ThreadSafetyProblem.html
TraceXSS.html
UncheckedEmail.html
WSDLScanning.html
WeakAuthenticationCookie.html
WeakSessionID.html
WelcomeScreeen.html
WsSAXInjection.html
WsSqlInjection.html
XMLInjection.html
XPATHInjection.html
lesson_solutions
lessons
users
main.jsp
sideWindow.jsp
webgoat.jsp
webgoat_challenge.jsp
doc
build.xml
HOW TO create the WebGoat workspace.txt
WAR Installation Instructions.txt
build.xml
eclipse.bat
readme.txt
webgoat for SQL Server.bat
webgoat.bat
webgoat.sh
webgoat_8080.bat
webscarab.bat
1b6789304c14dcf23c60bddcb40d585ea727c542
WebGoat/ webgoat/main/project/WebContent/lesson_plans/DBSQLInjection.html
rogan.dawes 7bb2c087a0 Add lesson plans for the DB labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@174 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-11 12:56:26 +00:00

17 lines
661 B
HTML
Executable File
Raw Blame History

<div align="Center">
<p><b>Lesson Plan Title:</b> How to Perform SQL Injection</p>
</div>
<p><b>Concept / Topic To Teach:</b></p>
<!-- Start Instructions -->
It is always a good practice to scrub all inputs, especially those
inputs that will later be used as parameters to OS commands, scripts,
and database queries. Users should not be able to alter the intent of
commands that are executed on the server, in many cases as a privileged user.
<!-- Stop Instructions -->
<p><b>General Goal(s):</b></p>
For this exercise, you will perform a SQL Injection attack.
You will also implement code changes in the database to defeat
these attacks.
<br>
Reference in New Issue View Git Blame Copy Permalink