6a96547ef0
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
51 lines
2.1 KiB
HTML
51 lines
2.1 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
|
<title>Solution Lab SQL Injection Stage4</title>
|
|
<link rel="stylesheet" type="text/css"
|
|
href="lesson_solutions/formate.css">
|
|
</head>
|
|
<body>
|
|
<p><b>Lesson Plan Title:</b> How to Perform a SQLInjection</p>
|
|
|
|
<p><b>Concept / Topic To Teach:</b><br />
|
|
SQL injection attacks represent a serious threat to any database-driven
|
|
site. The methods behind an attack are easy to learn and the damage
|
|
caused can range from considerable to complete system compromise.
|
|
Despite these risks, an incredible number of systems on the internet are
|
|
susceptible to this form of attack.</p>
|
|
|
|
<p>Not only is it a threat easily instigated, it is also a threat
|
|
that, with a little common-sense and forethought, can easily be
|
|
prevented.</p>
|
|
|
|
<p>It is always good practice to sanitize all input data, especially
|
|
data that will used in OS command, scripts, and database queiries, even
|
|
if the threat of SQL injection has been prevented in some other manner.
|
|
</p>
|
|
|
|
<p><b>General Goal(s):</b><br />
|
|
For this exercise, you will perform SQLInjection attacks. You will also
|
|
implement code changes in the web application to defeat these attacks.</p>
|
|
|
|
<b>Solution:</b><br />
|
|
The solution is simular to Stage2. That is why here is only a short solution.<br/>
|
|
You have to alter the class org.owasp.webgoat.lessons.SQLInjection.ViewProfile.java<br/>
|
|
Alter the method getEmployeeProfile to something like this:
|
|
<pre><code>
|
|
String query = "SELECT employee.* "
|
|
+ "FROM employee,ownership WHERE employee.userid = ownership.employee_id and "
|
|
+ "ownership.employer_id = ? and ownership.employee_id = ?";
|
|
try
|
|
{
|
|
Connection connection = WebSession.getConnections(s);
|
|
PreparedStatement statement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
|
|
statement.setString(1, userId);
|
|
statement.setString(2, subjectUserId);
|
|
ResultSet answer_results = statement.executeQuery();
|
|
etc...
|
|
</code></pre>
|
|
|
|
</body>
|
|
</html> |