Skip to content

Commit

Permalink
sync sqlinject
Browse files Browse the repository at this point in the history
  • Loading branch information
@zha0cai
zha0cai committed Jun 19, 2024
1 parent fa0103c commit 92d02c3
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 3 deletions.
7 changes: 4 additions & 3 deletions src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson5b.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,13 +61,15 @@ public AttackResult completed(
protected AttackResult injectableQuery(String login_count, String accountName) {
String queryString = "SELECT * From user_data WHERE Login_Count = ? and userid= " + accountName;
try (Connection connection = dataSource.getConnection()) {
// 占位符 + 预编译 prepareStatement
PreparedStatement query =
connection.prepareStatement(
queryString, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);

int count = 0;
try {
count = Integer.parseInt(login_count);
count = Integer.parseInt(login_count); // 只占位这个参数,在这进行预编译设置
// accountName 参数并没有使用占位符和预编译,使用的是直接拼接的方式
} catch (Exception e) {
return failed(this)
.output(
Expand All @@ -80,8 +82,7 @@ protected AttackResult injectableQuery(String login_count, String accountName) {
}

query.setInt(1, count);
// String query = "SELECT * FROM user_data WHERE Login_Count = " + login_count + " and userid
// = " + accountName, ;
// String query = "SELECT * FROM user_data WHERE Login_Count = " + login_count + " and userid= " + accountName;
try {
ResultSet results = query.executeQuery();

Expand Down
1 change: 1 addition & 0 deletions src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ protected AttackResult injectableQueryIntegrity(String name, String auth_tan) {
int newSumSalariesOfOtherEmployees = this.getSumSalariesOfOtherEmployees(connection);
if (newJohnSalary > oldMaxSalary
&& newSumSalariesOfOtherEmployees == oldSumSalariesOfOtherEmployees) {
// 注意其他员工的工资总额不能改变
// success commit
connection.commit(); // need execute not executeQuery
connection.setAutoCommit(true);
Expand Down

0 comments on commit 92d02c3

Please sign in to comment.