Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
332 additions
and
109 deletions.
There are no files selected for viewing
63 changes: 63 additions & 0 deletions
63
...at-lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionAdvanced.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
package org.owasp.webgoat.plugin; | ||
|
||
import org.owasp.webgoat.lessons.Category; | ||
import org.owasp.webgoat.lessons.NewLesson; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
/** | ||
* ************************************************************************************************ | ||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, | ||
* please see http://www.owasp.org/ | ||
* <p> | ||
* Copyright (c) 2002 - 20014 Bruce Mayhew | ||
* <p> | ||
* This program is free software; you can redistribute it and/or modify it under the terms of the | ||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* <p> | ||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without | ||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* <p> | ||
* You should have received a copy of the GNU General Public License along with this program; if | ||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | ||
* 02111-1307, USA. | ||
* <p> | ||
* Getting Source ============== | ||
* <p> | ||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software | ||
* projects. | ||
* <p> | ||
* | ||
* @author WebGoat | ||
* @version $Id: $Id | ||
* @since October 12, 2016 | ||
*/ | ||
public class SqlInjectionAdvanced extends NewLesson { | ||
@Override | ||
public Category getDefaultCategory() { | ||
return Category.INJECTION; | ||
} | ||
|
||
@Override | ||
public List<String> getHints() { | ||
return new ArrayList<>(); | ||
} | ||
|
||
@Override | ||
public Integer getDefaultRanking() { | ||
return 1; | ||
} | ||
|
||
@Override | ||
public String getTitle() { | ||
return "SQL Injection (advanced)"; | ||
} | ||
|
||
@Override | ||
public String getId() { | ||
return "SqlInjectionAdvanced"; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
63 changes: 63 additions & 0 deletions
63
...lessons/sql-injection/src/main/java/org/owasp/webgoat/plugin/SqlInjectionMitigations.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
package org.owasp.webgoat.plugin; | ||
|
||
import org.owasp.webgoat.lessons.Category; | ||
import org.owasp.webgoat.lessons.NewLesson; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
/** | ||
* ************************************************************************************************ | ||
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, | ||
* please see http://www.owasp.org/ | ||
* <p> | ||
* Copyright (c) 2002 - 20014 Bruce Mayhew | ||
* <p> | ||
* This program is free software; you can redistribute it and/or modify it under the terms of the | ||
* GNU General Public License as published by the Free Software Foundation; either version 2 of the | ||
* License, or (at your option) any later version. | ||
* <p> | ||
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without | ||
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* General Public License for more details. | ||
* <p> | ||
* You should have received a copy of the GNU General Public License along with this program; if | ||
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | ||
* 02111-1307, USA. | ||
* <p> | ||
* Getting Source ============== | ||
* <p> | ||
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software | ||
* projects. | ||
* <p> | ||
* | ||
* @author WebGoat | ||
* @version $Id: $Id | ||
* @since October 12, 2016 | ||
*/ | ||
public class SqlInjectionMitigations extends NewLesson { | ||
@Override | ||
public Category getDefaultCategory() { | ||
return Category.INJECTION; | ||
} | ||
|
||
@Override | ||
public List<String> getHints() { | ||
return new ArrayList<>(); | ||
} | ||
|
||
@Override | ||
public Integer getDefaultRanking() { | ||
return 1; | ||
} | ||
|
||
@Override | ||
public String getTitle() { | ||
return "SQL Injection (mitigations)"; | ||
} | ||
|
||
@Override | ||
public String getId() { | ||
return "SqlInjectionMitigations"; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
85 changes: 85 additions & 0 deletions
85
webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionAdvanced.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
<!DOCTYPE html> | ||
|
||
<html xmlns:th="http://www.thymeleaf.org"> | ||
|
||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjectionAdvanced_plan.adoc"></div> | ||
</div> | ||
|
||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content6.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content6a.adoc"></div> | ||
<div class="attack-container"> | ||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||
<form class="attack-form" accept-charset="UNKNOWN" | ||
method="POST" name="form" | ||
action="/WebGoat/SqlInjection/attack6a" | ||
enctype="application/json;charset=UTF-8"> | ||
<table> | ||
<tr> | ||
<td>Name:</td> | ||
<td><input name="userid_6a" value="" type="TEXT"/></td> | ||
<td><input | ||
name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td> | ||
<td></td> | ||
</tr> | ||
</table> | ||
</form> | ||
<div class="attack-feedback"></div> | ||
<div class="attack-output"></div> | ||
</div> | ||
<div class="attack-container"> | ||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||
<form class="attack-form" accept-charset="UNKNOWN" | ||
method="POST" name="form" | ||
action="/WebGoat/SqlInjection/attack6b" | ||
enctype="application/json;charset=UTF-8"> | ||
<table> | ||
<tr> | ||
<td>Password:</td> | ||
<td><input name="userid_6b" value="" type="TEXT"/></td> | ||
<td><input | ||
name="Check Dave's Password:" value="Check Password" type="SUBMIT"/></td> | ||
<td></td> | ||
</tr> | ||
</table> | ||
</form> | ||
<div class="attack-feedback"></div> | ||
<div class="attack-output"></div> | ||
</div> | ||
|
||
</div> | ||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content7.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content8.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content9.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content10.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content11.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content12.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content13.adoc"></div> | ||
</div> | ||
|
||
</html> |
85 changes: 85 additions & 0 deletions
85
webgoat-lessons/sql-injection/src/main/resources/html/SqlInjectionMitigation.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
<!DOCTYPE html> | ||
|
||
<html xmlns:th="http://www.thymeleaf.org"> | ||
|
||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjectionAdvanced_plan.adoc"></div> | ||
</div> | ||
|
||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content6.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content6a.adoc"></div> | ||
<div class="attack-container"> | ||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||
<form class="attack-form" accept-charset="UNKNOWN" | ||
method="POST" name="form" | ||
action="/WebGoat/SqlInjection/attack6a" | ||
enctype="application/json;charset=UTF-8"> | ||
<table> | ||
<tr> | ||
<td>Name:</td> | ||
<td><input name="userid_6a" value="" type="TEXT"/></td> | ||
<td><input | ||
name="Get Account Info" value="Get Account Info" type="SUBMIT"/></td> | ||
<td></td> | ||
</tr> | ||
</table> | ||
</form> | ||
<div class="attack-feedback"></div> | ||
<div class="attack-output"></div> | ||
</div> | ||
<div class="attack-container"> | ||
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> | ||
<form class="attack-form" accept-charset="UNKNOWN" | ||
method="POST" name="form" | ||
action="/WebGoat/SqlInjection/attack6b" | ||
enctype="application/json;charset=UTF-8"> | ||
<table> | ||
<tr> | ||
<td>Password:</td> | ||
<td><input name="userid_6b" value="" type="TEXT"/></td> | ||
<td><input | ||
name="Check Dave's Password:" value="Check Password" type="SUBMIT"/></td> | ||
<td></td> | ||
</tr> | ||
</table> | ||
</form> | ||
<div class="attack-feedback"></div> | ||
<div class="attack-output"></div> | ||
</div> | ||
|
||
</div> | ||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content7.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content8.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content9.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content10.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content11.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content12.adoc"></div> | ||
</div> | ||
|
||
<div class="lesson-page-wrapper"> | ||
<div class="adoc-content" th:replace="doc:SqlInjection_content13.adoc"></div> | ||
</div> | ||
|
||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.