Merge pull request WebGoat#485 from matthias-g/fixSQLInjection

Fix sql injection
jzheaux · Jun 14, 2018 · 844808b · 844808b
2 parents 3b9b695 + b47bb96
commit 844808b
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 12 deletions.
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/CreateDB.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/CreateDB.java
@@ -232,19 +232,19 @@ private void createUserAdminTable(Connection connection) throws SQLException {
 
         // Create the new table
         try {
-            String createTableStatement = "CREATE TABLE user_system_data (" + "userid varchar(5) not null primary key,"
+            String createTableStatement = "CREATE TABLE user_system_data (" + "userid int not null primary key,"
                     + "user_name varchar(12)," + "password varchar(10)," + "cookie varchar(30)" + ")";
             statement.executeUpdate(createTableStatement);
         } catch (SQLException e) {
             System.out.println("Error creating user admin table " + e.getLocalizedMessage());
         }
 
         // Populate
-        String insertData1 = "INSERT INTO user_system_data VALUES ('101','jsnow','passwd1', '')";
-        String insertData2 = "INSERT INTO user_system_data VALUES ('102','jdoe','passwd2', '')";
-        String insertData3 = "INSERT INTO user_system_data VALUES ('103','jplane','passwd3', '')";
-        String insertData4 = "INSERT INTO user_system_data VALUES ('104','jeff','jeff', '')";
-        String insertData5 = "INSERT INTO user_system_data VALUES ('105','dave','dave', '')";
+        String insertData1 = "INSERT INTO user_system_data VALUES (101,'jsnow','passwd1', '')";
+        String insertData2 = "INSERT INTO user_system_data VALUES (102,'jdoe','passwd2', '')";
+        String insertData3 = "INSERT INTO user_system_data VALUES (103,'jplane','passwd3', '')";
+        String insertData4 = "INSERT INTO user_system_data VALUES (104,'jeff','jeff', '')";
+        String insertData5 = "INSERT INTO user_system_data VALUES (105,'dave','passW0rD', '')";
         statement.executeUpdate(insertData1);
         statement.executeUpdate(insertData2);
         statement.executeUpdate(insertData3);

diff --git a/...in/introduction/SqlInjectionLesson6a.java → ...plugin/advanced/SqlInjectionLesson6a.java b/...in/introduction/SqlInjectionLesson6a.java → ...plugin/advanced/SqlInjectionLesson6a.java
@@ -1,10 +1,11 @@
 
-package org.owasp.webgoat.plugin.introduction;
+package org.owasp.webgoat.plugin.advanced;
 
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentHints;
 import org.owasp.webgoat.assignments.AssignmentPath;
 import org.owasp.webgoat.assignments.AttackResult;
+import org.owasp.webgoat.plugin.introduction.SqlInjectionLesson5a;
 import org.owasp.webgoat.session.DatabaseUtilities;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -55,7 +56,6 @@ public class SqlInjectionLesson6a extends AssignmentEndpoint {
     AttackResult completed(@RequestParam String userid_6a) throws IOException {
         return injectableQuery(userid_6a);
         // The answer: Smith' union select userid,user_name, password,cookie,cookie, cookie,userid from user_system_data --
-
     }
 
     protected AttackResult injectableQuery(String accountName) {

diff --git a/...in/introduction/SqlInjectionLesson6b.java → ...plugin/advanced/SqlInjectionLesson6b.java b/...in/introduction/SqlInjectionLesson6b.java → ...plugin/advanced/SqlInjectionLesson6b.java
@@ -1,5 +1,5 @@
 
-package org.owasp.webgoat.plugin.introduction;
+package org.owasp.webgoat.plugin.advanced;
 
 import org.owasp.webgoat.assignments.AssignmentEndpoint;
 import org.owasp.webgoat.assignments.AssignmentPath;

diff --git a/...ons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6a.adoc b/...ons/sql-injection/src/main/resources/lessonPlans/en/SqlInjection_content6a.adoc
@@ -3,7 +3,7 @@
 Lets try to exploit a join to another table.  One of the tables in the WebGoat database is:
 
 -------------------------------------------------------
-CREATE TABLE user_system_data (userid varchar(5) not null primary key,
+CREATE TABLE user_system_data (userid int not null primary key,
 			                   user_name varchar(12),
 			                   password varchar(10),
 			                   cookie varchar(30));

diff --git a/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java b/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6aTest.java
@@ -64,7 +64,7 @@ public void correctSolution() throws Exception {
 
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$.lessonCompleted", is(true)))
-                .andExpect(jsonPath("$.feedback", containsString("dave")));
+                .andExpect(jsonPath("$.feedback", containsString("passW0rD")));
     }
 
     @Test

diff --git a/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java b/...jection/src/test/java/org/owasp/webgoat/plugin/introduction/SqlInjectionLesson6bTest.java
@@ -30,7 +30,7 @@ public void setup() throws Exception {
     @Test
     public void submitCorrectPassword() throws Exception {
         mockMvc.perform(MockMvcRequestBuilders.post("/SqlInjection/attack6b")
-                .param("userid_6b", "dave"))
+                .param("userid_6b", "passW0rD"))
 
                 .andExpect(status().isOk()).andExpect(jsonPath("$.lessonCompleted", is(true)));
     }