[prev in list] [next in list] [prev in thread] [next in thread]
List: owasp-webgoat
Subject: [OWASP-WEBGOAT]database dump - lesson or admin function?
From: "Weiler, Jim" <Jim.Weiler () Staples ! com>
Date: 2005-04-14 0:12:19
Message-ID: 0D79B67AA1920446B5F4921CA87264E61A7F3E () fraexmb5 ! Staples ! com
[Download RAW message or body]
When I click the 'view database ' link I get a page with '* Error generating
lessons.admin.ViewDatabase' above the 'enter a sql statement' text box. Is
this a Webgoat setup error or part of a lesson? The report card shows this
page as a 'hackable admin page' - so I guess you can hack it, but do you
have to hack it to dump the database? Is there more to the database than
users and products?
Jim Weiler
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2800.1491" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=263580500-14042005>When I click the
'view database ' link I get a page with '<FONT color=#ff0000>* Error generating
lessons.admin.ViewDatabase' <FONT color=#000000>above the</FONT> </FONT><FONT
color=#000000>'enter a sql statement' text box. Is this a Webgoat setup error or
part of a lesson? The report card shows this page as a 'hackable admin page' -
so I guess you can hack it, but do you have to hack it to dump the
database? Is there more to the database than users and
products?</FONT></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV align=left><FONT face=Arial size=2>Jim Weiler</FONT></DIV>
<DIV> </DIV></BODY></HTML>
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
OWASP-WEBGOAT mailing list
OWASP-WEBGOAT@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-webgoat
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic