'[OWASP-WEBGOAT]database dump - lesson or admin function?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       owasp-webgoat
Subject:    [OWASP-WEBGOAT]database dump - lesson or admin function?
From:       "Weiler, Jim" <Jim.Weiler () Staples ! com>
Date:       2005-04-14 0:12:19
Message-ID: 0D79B67AA1920446B5F4921CA87264E61A7F3E () fraexmb5 ! Staples ! com
[Download RAW message or body]

When I click the 'view database ' link I get a page with '* Error generating
lessons.admin.ViewDatabase' above the 'enter a sql statement' text box. Is
this a Webgoat setup error or part of a lesson? The report card shows this
page as a 'hackable admin page' - so I guess you can hack it, but do you
have to hack it to dump the database?  Is there more to the database than
users and products?
 
Jim Weiler
 

[Attachment #3 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<TITLE>Message</TITLE>

<META content="MSHTML 6.00.2800.1491" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=263580500-14042005>When I click the 
'view database ' link I get a page with '<FONT color=#ff0000>* Error generating 
lessons.admin.ViewDatabase' <FONT color=#000000>above the</FONT> </FONT><FONT 
color=#000000>'enter a sql statement' text box. Is this a Webgoat setup error or 
part of a lesson? The report card shows this page as a 'hackable admin page' - 
so&nbsp;I guess you can hack it, but do you have to hack it to dump the 
database?&nbsp; Is there more to the database than users and 
products?</FONT></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT>&nbsp;</DIV>
<DIV align=left><FONT face=Arial size=2>Jim Weiler</FONT></DIV>
<DIV>&nbsp;</DIV></BODY></HTML>

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
OWASP-WEBGOAT mailing list
OWASP-WEBGOAT@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-webgoat

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic