dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
WebGoat/src/main/resources/lessons/sqlinjection/html/SqlInjection.html
Àngel Ollé Blázquez b93c935d6c Renamed to sqlinjection
2022-07-31 22:39:21 +02:00

294 lines
12 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/assignments.css}"/>
<!--Page 1-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_plan.adoc"></div>
</div>
<!--Page 2-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content1.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack2"
autocomplete="off">
<table>
<tr>
<td><label>SQL query</label></td>
<td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr>
<tr>
<td><button type="SUBMIT">Submit</button></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!--Page 3-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content2.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack3"
autocomplete="off">
<table>
<tr>
<td><label>SQL query</label></td>
<td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr>
<tr>
<td><button type="SUBMIT">Submit</button></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!--Page 4-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content3.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack4"
autocomplete="off">
<table>
<tr>
<td><label>SQL query</label></td>
<td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr>
<tr>
<td><button type="SUBMIT">Submit</button></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!--Page 5-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content4.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack5"
autocomplete="off">
<table>
<tr>
<td><label>SQL query</label></td>
<td width="100%"><input class="form-control" name="query" value="" type="TEXT" placeholder="SQL query"/></td>
</tr>
<tr>
<td><button type="SUBMIT">Submit</button></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!--Page 6-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_before.adoc"></div>
<div>
<label for="username-preview">Username:</label>
<input id="preview-input" type="text" name="username" val=""/>
<div class="listingblock">
<div class="content">
<pre>"SELECT * FROM users WHERE name = '<span id="input-preview" style="font-weight: bold;"></span>'";</pre>
</div>
</div>
<script>
$(document).ready( () => {
$("#preview-input").on("keyup", (e) => {
$("#input-preview").text(e.target.value);
});
});
</script>
</div>
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content5_after.adoc"></div>
</div>
<!--Page 7-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content6.adoc"></div>
</div>
<!--Page 8-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content7.adoc"></div>
</div>
<!--Page 9-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content11.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/assignment5a">
<table>
<tr>
<td>SELECT * FROM user_data WHERE first_name = 'John' AND last_name = '</td>
<td><select name="account">
<option>Smith</option>
<option>'Smith</option>
<option>'</option>
<option>'Smith'</option>
<option>Smith'</option>
</select></td>
<td>
<select name="operator">
<option>or</option>
<option>and</option>
<option>and not</option>
</select>
</td>
<td>
<select name="injection">
<option>1 = 1</option>
<option>1 = 2</option>
<option>1' = '2</option>
<option>'1' = '1</option>
<option>'1' = '2</option>
<option>Last_Name = 'Smith</option>
</select>
</td>
<td>'</td>
<td><input
name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content12.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/assignment5b">
<table>
<tr>
<td>Login_Count:</td>
<td><input name="login_count" type="text" required="true"/></td>
</tr>
<tr>
<td>User_Id:</td>
<td><input name="userid" type="TEXT" required="true"/></td>
</tr>
<tr>
<td></td>
<td><input
name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content8.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack8"
autocomplete="off">
<table>
<tr>
<td><label>Employee Name:</label></td>
<td><input name="name" value="" type="TEXT" placeholder="Lastname"/></td>
</tr>
<tr>
<td><label>Authentication TAN:</label></td>
<td><input name="auth_tan" value="" type="TEXT" placeholder="TAN"/></td>
</tr>
<tr>
<td><button type="SUBMIT">Get department</button></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!--Page 10-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content9.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack9"
autocomplete="off">
<table>
<tr>
<td><label>Employee Name:</label></td>
<td><input name="name" value="" type="TEXT" placeholder="Lastname"/></td>
</tr>
<tr>
<td><label>Authentication TAN:</label></td>
<td><input name="auth_tan" value="" type="TEXT" placeholder="TAN"/></td>
</tr>
<tr>
<td><button type="SUBMIT">Get department</button></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
<!--Page 11-->
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/sqlinjection/documentation/SqlInjection_introduction_content10.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
method="POST" name="form"
action="/WebGoat/SqlInjection/attack10"
autocomplete="off">
<table>
<tr>
<td><label>Action contains:</label></td>
<td><input name="action_string" value="" type="TEXT" placeholder="Enter search string"/></td>
</tr>
<tr>
<td><button type="SUBMIT">Search logs</button></td>
</tr>
</table>
</form>
<div class="attack-feedback"></div>
<div class="attack-output"></div>
</div>
</div>
</html>
Reference in New Issue View Git Blame Copy Permalink