Search code, repositories, users, issues, pull requests...

SqlInjectionLesson10.java:71

1

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java

Lines 66 to 71 in ac51cc6

    
           try (Connection connection = dataSource.getConnection()) { 
        
             try { 
        
               Statement statement = 
        
                   connection.createStatement( 
        
                       ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); 
        
               ResultSet results = statement.executeQuery(query);

1 Data Flow/s detected

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java

Line 58 in ac51cc6

public AttackResult completed(@RequestParam String action_string) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java

Line 59 in ac51cc6

return injectableQueryAvailability(action_string);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java

Line 62 in ac51cc6

protected AttackResult injectableQueryAvailability(String action) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java

Line 64 in ac51cc6

String query = "SELECT * FROM access_log WHERE action LIKE '%" + action + "%'";

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson10.java

Line 71 in ac51cc6

ResultSet results = statement.executeQuery(query);

Secure Code Warrior Training Material

● Training

● Videos

● Further Reading

High

SQL Injection

SqlInjectionChallenge.java:69

1

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java

Lines 64 to 69 in ac51cc6

    
           try (Connection connection = dataSource.getConnection()) { 
        
             String checkUserQuery = 
        
                 "select userid from sql_challenge_users where userid = '" + username_reg + "'"; 
        
             Statement statement = connection.createStatement(); 
        
             ResultSet resultSet = statement.executeQuery(checkUserQuery);

1 Data Flow/s detected

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java

Line 56 in ac51cc6

public AttackResult registerNewUser(

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java

Line 67 in ac51cc6

"select userid from sql_challenge_users where userid = '" + username_reg + "'";

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionChallenge.java

Line 69 in ac51cc6

ResultSet resultSet = statement.executeQuery(checkUserQuery);

Secure Code Warrior Training Material

● Training

● Videos

● Further Reading

InsecureDeserializationTask.java:60

High

Deserialization of Untrusted Data

CWE-502

1

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java

Lines 55 to 60 in ac51cc6

    
           b64token = token.replace('-', '+').replace('_', '/'); 
        
           try (ObjectInputStream ois = 
        
               new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(b64token)))) { 
        
             before = System.currentTimeMillis(); 
        
             Object o = ois.readObject();

1 Data Flow/s detected

WebGoat/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java

Line 49 in ac51cc6

public AttackResult completed(@RequestParam String token) throws IOException {

WebGoat/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java

Line 55 in ac51cc6

b64token = token.replace('-', '+').replace('_', '/');

WebGoat/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java

Line 58 in ac51cc6

    
           new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(b64token)))) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/deserialization/InsecureDeserializationTask.java

Line 60 in ac51cc6

Object o = ois.readObject();

Secure Code Warrior Training Material

● Training

▪ Secure Code Warrior Deserialization of Untrusted Data Training

● Videos

▪ Secure Code Warrior Deserialization of Untrusted Data Video

● Further Reading

▪ OWASP Deserialization Cheat Sheet

▪ OWASP Top Ten 2017 A8: Insecure Deserialization

▪ OWASP Deserialization of untrusted data

High

Path/Directory Traversal

CWE-22

ProfileUploadBase.java:43

2

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Lines 38 to 43 in ac51cc6

    
           File uploadDirectory = cleanupAndCreateDirectoryForUser(); 
        
           try { 
        
             var uploadedFile = new File(uploadDirectory, fullName); 
        
             uploadedFile.createNewFile();

2 Data Flow/s detected

View Data Flow 1

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java

Line 36 in ac51cc6

public AttackResult uploadFileHandler(

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java

Line 39 in ac51cc6

return super.execute(file, fullName);

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 31 in ac51cc6

protected AttackResult execute(MultipartFile file, String fullName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 42 in ac51cc6

var uploadedFile = new File(uploadDirectory, fullName);

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 43 in ac51cc6

uploadedFile.createNewFile();

View Data Flow 2

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java

Line 34 in ac51cc6

public AttackResult uploadFileHandler(

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java

Line 36 in ac51cc6

return super.execute(file, file.getOriginalFilename());

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 31 in ac51cc6

protected AttackResult execute(MultipartFile file, String fullName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 42 in ac51cc6

var uploadedFile = new File(uploadDirectory, fullName);

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 43 in ac51cc6

uploadedFile.createNewFile();

Secure Code Warrior Training Material

● Training

▪ Secure Code Warrior Path/Directory Traversal Training

● Vid 10000 eos

▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

▪ OWASP Path Traversal

▪ OWASP Input Validation Cheat Sheet

High

SQL Injection

WebGoat/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java

Assignment5.java:59

1

2024-09-18 07:00pm

Vulnerable Code

Lines 54 to 59 in ac51cc6

    
           if (!"Larry".equals(username_login)) { 
        
             return failed(this).feedback("user.not.larry").feedbackArgs(username_login).build(); 
        
           } 
        
           try (var connection = dataSource.getConnection()) { 
        
             PreparedStatement statement = 
        
                 connection.prepareStatement(

1 Data Flow/s detected

WebGoat/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java

Line 49 in ac51cc6

public AttackResult login(

WebGoat/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java

Line 60 in ac51cc6

"select password from challenge_users where userid = '"

WebGoat/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java

Line 59 in ac51cc6

connection.prepareStatement(

Secure Code Warrior Training Material

● Training

● Videos

● Further Reading

High

SQL Injection

SqlInjectionLesson2.java:65

1

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java

Lines 60 to 65 in ac51cc6

    
           } 
        
           protected AttackResult injectableQuery(String query) { 
        
             try (var connection = dataSource.getConnection()) { 
        
               Statement statement = connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY); 
        
               ResultSet results = statement.executeQuery(query);

1 Data Flow/s detected

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java

Line 58 in ac51cc6

public AttackResult completed(@RequestParam String query) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java

Line 59 in ac51cc6

return injectableQuery(query);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java

Line 62 in ac51cc6

protected AttackResult injectableQuery(String query) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson2.java

Line 65 in ac51cc6

ResultSet results = statement.executeQuery(query);

Secure Code Warrior Training Material

● Training

● Videos

● Further Reading

High

SQL Injection

SqlInjectionLesson6a.java:74

3

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Lines 69 to 74 in ac51cc6

    
             usedUnion = false; 
        
           } 
        
           try (Statement statement = 
        
               connection.createStatement( 
        
                   ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY)) { 
        
             ResultSet results = statement.executeQuery(query);

3 Data Flow/s detected

View Data Flow 1

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 56 in ac51cc6

    
           public AttackResult completed(@RequestParam(value = "userid_6a") String userId) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 57 in ac51cc6

return injectableQuery(userId);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 62 in ac51cc6

public AttackResult injectableQuery(String accountName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 66 in ac51cc6

query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 74 in ac51cc6

ResultSet results = statement.executeQuery(query);

View Data Flow 2

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java

Line 47 in ac51cc6

    
           public AttackResult attack(@RequestParam("userid_sql_only_input_validation") String userId) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidation.java

Line 51 in ac51cc6

AttackResult attackResult = lesson6a.injectableQuery(userId);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 62 in ac51cc6

public AttackResult injectableQuery(String accountName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 66 in ac51cc6

query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 74 in ac51cc6

ResultSet results = statement.executeQuery(query);

View Data Flow 3

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java

Line 51 in ac51cc6

public AttackResult attack(

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java

Line 53 in ac51cc6

userId = userId.toUpperCase().replace("FROM", "").replace("SELECT", "");

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/mitigation/SqlOnlyInputValidationOnKeywords.java

Line 57 in ac51cc6

AttackResult attackResult = lesson6a.injectableQuery(userId);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 62 in ac51cc6

public AttackResult injectableQuery(String accountName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 66 in ac51cc6

query = "SELECT * FROM user_data WHERE last_name = '" + accountName + "'";

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/advanced/SqlInjectionLesson6a.java

Line 74 in ac51cc6

ResultSet results = statement.executeQuery(query);

Secure Code Warrior Training Material

● Training

● Videos

● Further Reading

High

SQL Injection

SqlInjectionLesson3.java:63

1

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java

Lines 58 to 63 in ac51cc6

    
           try (Connection connection = dataSource.getConnection()) { 
        
             try (Statement statement = 
        
                 connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY)) { 
        
               Statement checkStatement = 
        
                   connection.createStatement(TYPE_SCROLL_INSENSITIVE, CONCUR_READ_ONLY); 
        
               statement.executeUpdate(query);

1 Data Flow/s detected

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java

Line 53 in ac51cc6

public AttackResult completed(@RequestParam String query) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java

Line 54 in ac51cc6

return injectableQuery(query);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java

Line 57 in ac51cc6

protected AttackResult injectableQuery(String query) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson3.java

Line 63 in ac51cc6

statement.executeUpdate(query);

Secure Code Warrior Training Material

● Training

● Videos

● Further Reading

ProfileUploadBase.java:44

High

Path/Directory Traversal

CWE-22

3

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Lines 39 to 44 in ac51cc6

    
           File uploadDirectory = cleanupAndCreateDirectoryForUser(); 
        
           try { 
        
             var uploadedFile = new File(uploadDirectory, fullName); 
        
             uploadedFile.createNewFile(); 
        
             FileCopyUtils.copy(file.getBytes(), uploadedFile);

3 Data Flow/s detected

View Data Flow 1

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java

Line 36 in ac51cc6

public AttackResult uploadFileHandler(

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUpload.java

Line 39 in ac51cc6

return super.execute(file, fullName);

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 31 in ac51cc6

protected AttackResult execute(MultipartFile file, String fullName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 44 in ac51cc6

FileCopyUtils.copy(file.getBytes(), uploadedFile);

View Data Flow 2

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java

Line 36 in ac51cc6

public AttackResult uploadFileHandler(

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadFix.java

Line 39 in ac51cc6

    
           return super.execute(file, fullName != null ? fullName.replace("../", "") : "");

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 31 in ac51cc6

protected AttackResult execute(MultipartFile file, String fullName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 44 in ac51cc6

FileCopyUtils.copy(file.getBytes(), uploadedFile);

View Data Flow 3

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java

Line 34 in ac51cc6

public AttackResult uploadFileHandler(

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadRemoveUserInput.java

Line 36 in ac51cc6

return super.execute(file, file.getOriginalFilename());

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 31 in ac51cc6

protected AttackResult execute(MultipartFile file, String fullName) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/pathtraversal/ProfileUploadBase.java

Line 44 in ac51cc6

FileCopyUtils.copy(file.getBytes(), uploadedFile);

Secure Code Warrior Training Material

● Training

▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

▪ OWASP Path Traversal

▪ OWASP Input Validation Cheat Sheet

High

SQL Injection

SqlInjectionLesson8.java:158

2

2024-09-18 07:00pm

Vulnerable Code

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Lines 153 to 158 in ac51cc6

    
           String logQuery = 
        
               "INSERT INTO access_log (time, action) VALUES ('" + time + "', '" + action + "')"; 
        
           try { 
        
             Statement statement = connection.createStatement(TYPE_SCROLL_SENSITIVE, CONCUR_UPDATABLE); 
        
             statement.executeUpdate(logQuery);

2 Data Flow/s detected

View Data Flow 1

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 59 in ac51cc6

    
           public AttackResult completed(@RequestParam String name, @RequestParam String auth_tan) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 60 in ac51cc6

return injectableQueryConfidentiality(name, auth_tan);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 63 in ac51cc6

    
           protected AttackResult injectableQueryConfidentiality(String name, String auth_tan) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 66 in ac51cc6

"SELECT * FROM employees WHERE last_name = '"

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 77 in ac51cc6

log(connection, query);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 147 in ac51cc6

public static void log(Connection connection, String action) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 148 in ac51cc6

action = action.replace('\'', '"');

8000

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 154 in ac51cc6

    
           "INSERT INTO access_log (time, action) VALUES ('" + time + "', '" + action + "')";

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 158 in ac51cc6

statement.executeUpdate(logQuery);

View Data Flow 2

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java

Line 60 in ac51cc6

    
           public AttackResult completed(@RequestParam String name, @RequestParam String auth_tan) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java

Line 61 in ac51cc6

return injectableQueryIntegrity(name, auth_tan);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java

Line 64 in ac51cc6

protected AttackResult injectableQueryIntegrity(String name, String auth_tan) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java

Line 67 in ac51cc6

"SELECT * FROM employees WHERE last_name = '"

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson9.java

Line 75 in ac51cc6

SqlInjectionLesson8.log(connection, query);

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 147 in ac51cc6

public static void log(Connection connection, String action) {

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 148 in ac51cc6

action = action.replace('\'', '"');

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 154 in ac51cc6

    
           "INSERT INTO access_log (time, action) VALUES ('" + time + "', '" + action + "')";

WebGoat/src/main/java/org/owasp/webgoat/lessons/sqlinjection/introduction/SqlInjectionLesson8.java

Line 158 in ac51cc6

statement.executeUpdate(logQuery);

Secure Code Warrior Training Material

● Training

● Videos

● Further Reading