SQL injection add hints WebGoat#470

acharyaPranam · Feb 9, 2019 · 941ca5e · 941ca5e
1 parent 5bc4819
commit 941ca5e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/.../sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java b/.../sql-injection/src/main/java/org/owasp/webgoat/plugin/advanced/SqlInjectionChallenge.java
@@ -3,6 +3,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
+import org.owasp.webgoat.assignments.AssignmentHints;
 import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
 import org.owasp.webgoat.session.DatabaseUtilities;
@@ -23,6 +24,7 @@
  * @since 4/8/17.
  */
 @AssignmentPath("SqlInjection/challenge")
+@AssignmentHints(value = {"SqlInjectionChallenge1", "SqlInjectionChallenge2", "SqlInjectionChallenge3"})
 @Slf4j
 public class SqlInjectionChallenge extends AssignmentEndpoint {
 

diff --git a/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties b/webgoat-lessons/sql-injection/src/main/resources/i18n/WebGoatLabels.properties
@@ -6,6 +6,9 @@ sql.injection.title=SQL Injection
 sql.mitigation.title=SQL Injection (mitigation)
 sql.advanced.title=SQL Injection (advanced)
 
+SqlInjectionChallenge1=Look at the different response you receive from the server
+SqlInjectionChallenge2=The vulnerability is on the register form
+SqlInjectionChallenge3=Use tooling to automate this attack
 
 NoResultsMatched=No results matched. Try Again.
 SqlStringInjectionHint1=The application is taking your input and inserting it at the end of a pre-formed SQL command.