team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

working on a tutorial for the scope injection / sql injection

Browse Source
This commit is contained in:
cktricky
2014-04-17 20:51:16 -04:00
parent 6975f94381
commit 77fcf26abd
4 changed files with 94 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/admin_controller.rb
+3 -2
View File
@@ -10,8 +10,9 @@ class AdminController < ApplicationController
if params[:field].nil? if params[:field].nil?
fields = "*" fields = "*"
else else
#fields = params[:field].map {|k,v| k }.join(",") fields = params[:field].map {|k,v| k }.join(",")
fields = params[:field].map {|k,v| Analytics.parse_field(k) }.join(",") # This seems to be a bit safer
#fields = params[:field].map {|k,v| Analytics.parse_field(k) }.join(",")
end end
if params[:ip] if params[:ip]
app/views/layouts/tutorial/injection/_injection_command.html.erb
+8 -8
View File
@@ -8,13 +8,13 @@
<div id="accordion1" class="accordion no-margin"> <div id="accordion1" class="accordion no-margin">
<div class="accordion-group"> <div class="accordion-group">
<div class="accordion-heading"> <div class="accordion-heading">
<a href="#collapseFive" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle"> <a href="#collapseNine" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-info icon-white"> <i class="icon-info icon-white">
</i> </i>
Description Description
</a> </a>
</div> </div>
<div class="accordion-body in collapse" id="collapseFive" style="height: auto;"> <div class="accordion-body in collapse" id="collapseNine" style="height: auto;">
<div class="accordion-inner"> <div class="accordion-inner">
<p class="desc"> <p class="desc">
An OS command injection attack occurs when an attacker attempts to execute system level commands through a vulnerable application. Applications are considered vulnerable to the OS command injection attack if they utilize user input in a system level command. An OS command injection attack occurs when an attacker attempts to execute system level commands through a vulnerable application. Applications are considered vulnerable to the OS command injection attack if they utilize user input in a system level command.
@@ -24,13 +24,13 @@
</div> </div>
<div class="accordion-group"> <div class="accordion-group">
<div class="accordion-heading"> <div class="accordion-heading">
<a href="#collapseSix" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle"> <a href="#collapseTen" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-bug icon-white"> <i class="icon-bug icon-white">
</i> </i>
Bug Bug
</a> </a>
</div> </div>
<div class="accordion-body collapse" id="collapseSix" style="height: 0px;"> <div class="accordion-body collapse" id="collapseTen" style="height: 0px;">
<div class="accordion-inner"> <div class="accordion-inner">
<p class="desc"> <p class="desc">
This manifestation of the bug occurs within the Benefits model. A system command is used to make a copy of the file the user has chosen to upload. User-supplied input is leveraged in creating this system command. This manifestation of the bug occurs within the Benefits model. A system command is used to make a copy of the file the user has chosen to upload. User-supplied input is leveraged in creating this system command.
@@ -81,13 +81,13 @@
</div> </div>
<div class="accordion-group"> <div class="accordion-group">
<div class="accordion-heading"> <div class="accordion-heading">
<a href="#collapseSeven" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle"> <a href="#collapseEleven" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-lightning icon-white"> <i class="icon-lightning icon-white">
</i> </i>
Solution Solution
</a> </a>
</div> </div>
<div class="accordion-body collapse" id="collapseSeven" style="height: 0px;"> <div class="accordion-body collapse" id="collapseEleven" style="height: 0px;">
<div class="accordion-inner"> <div class="accordion-inner">
<p><b>Command Injection - ATTACK</b></p> <p><b>Command Injection - ATTACK</b></p>
<p class="desc"> <p class="desc">
@@ -139,13 +139,13 @@
</div> </div>
<div class="accordion-group"> <div class="accordion-group">
<div class="accordion-heading"> <div class="accordion-heading">
<a style="background-color: rgb(181, 121, 158)" href="#collapseEight" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle"> <a style="background-color: rgb(181, 121, 158)" href="#collapseTwelve" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-aid icon-white"> <i class="icon-aid icon-white">
</i> </i>
Hint Hint
</a> </a>
</div> </div>
<div class="accordion-body collapse" id="collapseEight" style="height: 0px;"> <div class="accordion-body collapse" id="collapseTwelve" style="height: 0px;">
<div class="accordion-inner"> <div class="accordion-inner">
Let's create a backup when uploading a file, wonder how they are naming it? Let's create a backup when uploading a file, wonder how they are naming it?
</div> </div>
app/views/layouts/tutorial/injection/_sqli_scope.html.erb
+78
View File
@@ -0,0 +1,78 @@
<div class="widget">
<div class="widget-header">
<div class="title">
<span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> A1 - SQL Injection - ActiveRecord Scope
</div>
</div>
<div class="widget-body">
<div id="accordion1" class="accordion no-margin">
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapseFive" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-info icon-white">
</i>
Description
</a>
</div>
<div class="accordion-body in collapse" id="collapseFive" style="height: auto;">
<div class="accordion-inner">
<p class="desc">
Insert
</p>
</div>
</div>
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapseSix" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-bug icon-white">
</i>
Bug
</a>
</div>
<div class="accordion-body collapse" id="collapseSix" style="height: 0px;">
<div class="accordion-inner">
<p class="desc">
Insert
</p>
</div>
</div>
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a href="#collapseSeven" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-lightning icon-white">
</i>
Solution
</a>
</div>
<div class="accordion-body collapse" id="collapseSeven" style="height: 0px;">
<div class="accordion-inner">
<p><b>SQL Injection - ATTACK</b></p>
<p class="desc">
insert
</p>
<p><b>SQL Injection - SOLUTION</b></p>
<p class="desc">
insert
</p>
</div>
</div>
</div>
<div class="accordion-group">
<div class="accordion-heading">
<a style="background-color: rgb(181, 121, 158)" href="#collapseEight" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-aid icon-white">
</i>
Hint
</a>
</div>
<div class="accordion-body collapse" id="collapseEight" style="height: 0px;">
<div class="accordion-inner">
insert
</div>
</div>
</div>
</div>
</div>
</div>
app/views/tutorials/injection.html.erb
+5
View File
@@ -5,6 +5,11 @@
<%= render :partial => "layouts/tutorial/injection/injection_first"%> <%= render :partial => "layouts/tutorial/injection/injection_first"%>
</div> <!-- End Span12--> </div> <!-- End Span12-->
</div> </div>
<div class="row-fluid">
<div class="span12"> <!-- Begin Span12-->
<%= render :partial => "layouts/tutorial/injection/sqli_scope"%>
</div> <!-- End Span12-->
</div>
<div class="row-fluid"> <div class="row-fluid">
<div class="span12"> <!-- Begin Span12--> <div class="span12"> <!-- Begin Span12-->
<%= render :partial => "layouts/tutorial/injection/injection_command"%> <%= render :partial => "layouts/tutorial/injection/injection_command"%>