dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
webgoat
main
project
JavaSource
WebContent
META-INF
WEB-INF
css
database
images
javascript
lesson_plans
lesson_solutions
lessons
ConfManagement
CrossSiteScripting
DBCrossSiteScripting
DBSQLInjection
General
GoatHillsFinancial
RoleBasedAccessControl
SQLInjection
images
EditProfile.jsp
ListStaff.jsp
Login.jsp
SQLInjection.css
SQLInjection.jsp
SearchStaff.jsp
ViewProfile.jsp
error.jsp
XPATHInjection
users
main.jsp
sideWindow.jsp
webgoat.jsp
webgoat_challenge.jsp
doc
build.xml
HOW TO create the WebGoat workspace.txt
WAR Installation Instructions.txt
build.xml
eclipse.bat
readme.txt
webgoat.bat
webgoat.sh
webgoat_8080.bat
webscarab.bat
3645564018bb51f78e0eef8a814a0659f153ee43
WebGoat/ webgoat/main/project/WebContent/lessons/SQLInjection/ViewProfile.jsp
rogan.dawes 9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
2007-07-18 13:31:11 +00:00

154 lines
4.1 KiB
Plaintext
Raw Blame History

<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.SQLInjection.SQLInjection"
errorPage="" %>
<%
WebSession webSession = ((WebSession)session.getAttribute("websession"));
Employee employee = (Employee) session.getAttribute("SQLInjection." + SQLInjection.EMPLOYEE_ATTRIBUTE_KEY);
// int myUserId = getIntSessionAttribute(webSession, "SQLInjection." + SQLInjection.USER_ID);
%>
<div class="lesson_title_box"><strong>Welcome Back </strong><span class="lesson_text_db"><%=webSession.getUserNameInLesson()%></span></div>
<div class="lesson_text">
<Table>
<TR><TD>
First Name:
</TD>
<TD>
<%=employee.getFirstName()%>
</TD>
<TD>
Last Name:
</TD>
<TD>
<%=employee.getLastName()%>
</TD>
</TR>
<TR><TD>
Street:
</TD>
<TD>
<%=employee.getAddress1()%>
</TD>
<TD>
City/State:
<TD>
<%=employee.getAddress2()%>
</TD>
</TR>
<TR><TD>
Phone:
</TD>
<TD>
<%=employee.getPhoneNumber()%>
</TD>
<TD>
Start Date:
</TD>
<TD>
<%=employee.getStartDate()%>
</TD>
</TR>
<TR><TD>
SSN:
</TD>
<TD>
<%=employee.getSsn()%>
</TD>
<TD>
Salary:
</TD>
<TD>
<%=employee.getSalary()%>
</TD>
</TR>
<TR><TD>
Credit Card:
</TD>
<TD>
<%=employee.getCcn()%>
</TD>
<TD>
Credit Card Limit:
</TD>
<TD>
<%=employee.getCcnLimit()%>
</TD>
</TR>
<TR><TD>
Comments:
</TD>
<TD>
<%=employee.getPersonalDescription()%>
</TD>
<TD>
Manager:
</TD>
<TD>
<%=employee.getManager()%>
</TD>
</TR>
<TR><TD>
Disciplinary Explanation:
</TD>
<TD>
<%=employee.getDisciplinaryActionNotes()%>
</TD>
<TD>
Disciplinary Action Dates:
</TD>
<TD>
<%=employee.getDisciplinaryActionDate()%>
</TD>
</TR>
</Table>
</div>
<div class="lesson_buttons_bottom">
<table width="460" height="20" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.LISTSTAFF_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.LISTSTAFF_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="50">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.EDITPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.EDITPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="60">
<%
if (webSession.isAuthorizedInLesson(webSession.getUserIdInLesson(), SQLInjection.DELETEPROFILE_ACTION))
{
%>
<form method="POST" action="<%=webSession.getCurrentLesson().getFormAction()%>">
<input type="hidden" name="<%=SQLInjection.EMPLOYEE_ID%>" value="<%=employee.getId()%>">
<input type="submit" name="action" value="<%=SQLInjection.DELETEPROFILE_ACTION%>"/>
</form>
<%
}
%>
</td>
<td width="190">&nbsp;</td>
<td width="76">
<form method="POST">
<input type="submit" name="action" value="<%=SQLInjection.LOGOUT_ACTION%>"/>
</form>
</td>
</tr>
</table>
</div>
Reference in New Issue View Git Blame Copy Permalink