package org.owasp.webgoat.session;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import org.owasp.webgoat.lessons.AbstractLesson;
/***************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* For details, please see http://webgoat.github.io
*
* @author Jeff Williams <a href="http://www.aspectsecurity.com">Aspect Security</a>
*/
public class CreateDB
{
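/**
* Attempts to drop the messages table, then creates it again with no rows.
*
* @param connection
* JDBC connection on which the DDL statements are executed
*
* @exception SQLException
* if a Statement cannot be obtained from the connection
*/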
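private void createMessageTable(Connection connection) throws SQLException
{
    // Rebuilds the "messages" table: a best-effort DROP followed by a CREATE.
    // Every SQL string here is a fixed literal with no caller-supplied text,
    // so a plain Statement (rather than a PreparedStatement) is adequate.
    Statement statement = connection.createStatement();
    try
    {
        // Drop any existing messages table. A failure is only reported as
        // informational and setup continues (presumably the table simply did
        // not exist yet).
        try
        {
            statement.executeUpdate("DROP TABLE messages");
        } catch (SQLException e)
        {
            System.out.println("Info - Could not drop message database");
        }

        // Create the new table. A failure is printed and swallowed, so the
        // caller is not told that the table is missing.
        try
        {
            String createTableStatement = "CREATE TABLE messages ("
                    + "num int not null,"
                    + "title varchar(50),"
                    + "message varchar(200),"
                    + "user_name varchar(50) not null, "
                    + "lesson_type varchar(50) not null"
                    + ")";
            statement.executeUpdate(createTableStatement);
        } catch (SQLException e)
        {
            System.out.println("Error creating message database " + e.getLocalizedMessage());
        }
    } finally
    {
        // Release the Statement on every path; the original left it open.
        statement.close();
    }
}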
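/**
* Attempts to drop the mfe_images table, then creates it again with no rows.
*
* @param connection JDBC connection on which the DDL statements are executed
*
* @exception SQLException if a Statement cannot be obtained from the connection
*/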
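private void createMFEImagesTable(Connection connection) throws SQLException
{
    // Rebuilds the "mfe_images" table (user name -> relative image URL).
    // All SQL is a fixed literal; nothing from a request reaches these strings.
    Statement statement = connection.createStatement();
    try
    {
        // Drop mfe_images table; a failure is reported and otherwise ignored so
        // that the CREATE below is still attempted.
        try
        {
            statement.executeUpdate("DROP TABLE mfe_images");
        }
        catch (SQLException e)
        {
            System.out.println("Info - Could not drop mfe_images table from database");
        }

        // Create the new mfe_images table; a failure is printed, not rethrown.
        try
        {
            String createTableStatement = "CREATE TABLE mfe_images ("
                    + "user_name varchar(50) not null, "
                    + "image_relative_url varchar(50) not null"
                    + ")";
            statement.executeUpdate(createTableStatement);
        }
        catch (SQLException e)
        {
            System.out.println("Error creating mfe_images table in database " + e.getLocalizedMessage());
        }
    }
    finally
    {
        // Release the Statement on every path; the original left it open.
        statement.close();
    }
}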
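/**
* Attempts to drop the product_system_data table, creates it again and inserts five sample products.
*
* @param connection
* JDBC connection on which the statements are executed
*
* @exception SQLException
* if a Statement cannot be obtained or one of the INSERT statements fails
*/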
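private void createProductTable(Connection connection) throws SQLException
{
    // Rebuilds "product_system_data" and loads five fixed sample rows.
    // All SQL is a fixed literal, so no parameter binding is needed here.
    Statement statement = connection.createStatement();
    try
    {
        // Drop the product table; a failure is reported as informational only.
        try
        {
            statement.executeUpdate("DROP TABLE product_system_data");
        } catch (SQLException e)
        {
            System.out.println("Info - Could not drop product table");
        }

        // Create the new table; a failure is printed, not rethrown.
        try
        {
            String createTableStatement = "CREATE TABLE product_system_data ("
                    + "productid varchar(6) not null primary key,"
                    + "product_name varchar(20),"
                    + "price varchar(10)"
                    + ")";
            statement.executeUpdate(createTableStatement);
        } catch (SQLException e)
        {
            System.out.println("Error creating product table " + e.getLocalizedMessage());
        }

        // Populate. These run outside any catch block, so a failure here (for
        // example because the CREATE above did not succeed) propagates to the
        // caller as SQLException.
        String[] seedRows = {
            "INSERT INTO product_system_data VALUES ('32226','Dog Bone','$1.99')",
            "INSERT INTO product_system_data VALUES ('35632','DVD Player','$214.99')",
            "INSERT INTO product_system_data VALUES ('24569','60 GB Hard Drive','$149.99')",
            "INSERT INTO product_system_data VALUES ('56970','80 GB Hard Drive','$179.99')",
            "INSERT INTO product_system_data VALUES ('14365','56 inch HDTV','$6999.99')"
        };
        for (String insert : seedRows)
        {
            statement.executeUpdate(insert);
        }
    } finally
    {
        // Release the Statement on every path, including a failed INSERT;
        // the original left it open.
        statement.close();
    }
}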
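/**
* Attempts to drop the user_system_data table, creates it again and inserts five sample accounts.
*
* @param connection
* JDBC connection on which the statements are executed
*
* @exception SQLException
* if a Statement cannot be obtained or one of the INSERT statements fails
*/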
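private void createUserAdminTable(Connection connection) throws SQLException
{
    // Rebuilds "user_system_data" and loads five fixed sample accounts.
    // All SQL is a fixed literal, so no parameter binding is needed here.
    Statement statement = connection.createStatement();
    try
    {
        // Drop admin user table; a failure is reported as informational only.
        try
        {
            statement.executeUpdate("DROP TABLE user_system_data");
        } catch (SQLException e)
        {
            System.out.println("Info - Could not drop user admin table");
        }

        // Create the new table; a failure is printed, not rethrown.
        try
        {
            String createTableStatement = "CREATE TABLE user_system_data ("
                    + "userid varchar(5) not null primary key,"
                    + "user_name varchar(12),"
                    + "password varchar(10),"
                    + "cookie varchar(30)"
                    + ")";
            statement.executeUpdate(createTableStatement);
        } catch (SQLException e)
        {
            System.out.println("Error creating user admin table " + e.getLocalizedMessage());
        }

        // Populate.
        // NOTE(review): passwords are seeded in cleartext into a varchar(10)
        // column, and two accounts use the user name as the password. This
        // looks like a deliberate fixture for the training lessons (WebGoat is
        // an intentionally insecure teaching application) - confirm before
        // reusing the schema. A real credential table would hold salted, slow
        // password hashes in a column sized for the hash, and would not ship
        // with default accounts.
        String[] seedRows = {
            "INSERT INTO user_system_data VALUES ('101','jsnow','passwd1', '')",
            "INSERT INTO user_system_data VALUES ('102','jdoe','passwd2', '')",
            "INSERT INTO user_system_data VALUES ('103','jplane','passwd3', '')",
            "INSERT INTO user_system_data VALUES ('104','jeff','jeff', '')",
            "INSERT INTO user_system_data VALUES ('105','dave','dave', '')"
        };
        // These run outside any catch block, so a failed INSERT propagates to
        // the caller as SQLException.
        for (String insert : seedRows)
        {
            statement.executeUpdate(insert);
        }
    } finally
    {
        // Release the Statement on every path, including a failed INSERT;
        // the original left it open.
        statement.close();
    }
}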
/**
* Description of the Method
*
* @param connection
* Description of the Parameter
*
* @exception SQLException
* Description of the Exception
*/
private void createUserDataTable(Connection connection) throws SQLException
{
Statement statement = connection.createStatement();
// Delete table if there is one
try
{
String dropTable = "DROP TABLE user_data";
statement.executeUpdate(dropTable);
} catch (SQLException e)
{
System.out.println("Info - Could not drop user table");
}
// Create the new table
try
{
String createTableStatement = "CREATE TABLE user_data (" + "userid int not null,"
+ "first_name varchar(20)," + "last_name varchar(20)," + "cc_number varchar(30),"
+ "cc_type varchar(10)," + "cookie varchar(20)," + "login_count int" + ")";
statement.executeUpdate(createTableStatement);
} catch (SQLException e)
{
System.out.println("Error creating user table " + e
WebGoat.rar (1748个子文件)
CreateDB.class 27KB
WebSession.class 22KB
SessionFixation.class 20KB
MultiLevelLogin1.class 19KB
Challenge2Screen.class 18KB
MultiLevelLogin2.class 18KB
AbstractLesson.class 18KB
Encoding.class 17KB
InsecureLogin.class 15KB
ConcurrencyCart.class 14KB
UncheckedEmail.class 14KB
ParameterParser.class 13KB
ClientSideFiltering.class 12KB
MaliciousFileExecution.class 12KB
SoapRequest.class 12KB
ClientSideValidation.class 12KB
HammerHead.class 12KB
HttpOnly.class 11KB
RoleBasedAccessControl.class 11KB
BlindScript.class 11KB
XMLInjection.class 11KB
OffByOne.class 11KB
CSRF.class 11KB
WSDLScanning.class 11KB
CrossSiteScripting.class 11KB
Course.class 11KB
SilentTransactions.class 11KB
UpdateProfile.class 10KB
ECSFactory.class 10KB
BackDoors.class 10KB
Phishing.class 10KB
BlindStringSqlInjection.class 10KB
HttpSplitting.class 10KB
JSONInjection.class 10KB
GoatHillsFinancial.class 10KB
DOMXSS.class 9KB
DangerousEval.class 9KB
StoredXss.class 9KB
WeakAuthenticationCookie.class 9KB
SQLInjection.class 9KB
XPATHInjection.class 9KB
SqlNumericInjection.class 9KB
JavaScriptValidation.class 9KB
WsSqlInjection.class 9KB
BlindNumericSqlInjection.class 9KB
ForgotPassword.class 9KB
DOMInjection.class 8KB
LessonTracker.class 8KB
CommandInjection.class 8KB
DBCrossSiteScripting.class 8KB
TraceXSS.class 8KB
UpdateProfile.class 8KB
UpdateProfile.class 8KB
DBSQLInjection.class 8KB
DefaultLessonAction.class 8KB
WeakSessionID.class 8KB
HiddenFieldTampering.class 8KB
LessonAdapter.class 8KB
SqlModifyData.class 8KB
PathBasedAccessControl.class 8KB
Exec.class 8KB
ReflectedXSS.class 8KB
SummaryReportCardScreen.class 8KB
PasswordStrength.class 7KB
BasicAuthentication.class 7KB
UpdateProfile.class 7KB
SqlStringInjection.class 7KB
FindProfile.class 7KB
DOS_Login.class 7KB
SqlAddData.class 7KB
AccessControlMatrix.class 7KB
Login.class 7KB
HtmlClues.class 7KB
Login.class 7KB
ReportCardScreen.class 7KB
BypassHtmlFieldRestrictions.class 6KB
ThreadSafetyProblem.class 6KB
ViewProfile.class 6KB
WsSAXInjection.class 6KB
SameOriginPolicyProtection.class 6KB
Login.class 6KB
WebgoatContext.class 6KB
ViewProfile.class 6KB
ErrorScreen.class 6KB
CsrfPromptByPass.class 6KB
UserTracker.class 6KB
LogSpoofing.class 6KB
ViewProfile.class 6KB
FindProfile.class 5KB
CsrfTokenByPass.class 5KB
ForcedBrowsing.class 5KB
Screen.class 5KB
HtmlEncoder.class 5KB
DatabaseUtilities.class 5KB
LessonMenuService.class 5KB
LessonSource.class 5KB
Start.class 5KB
EditProfile.class 5KB
EditProfile.class 5KB
ListStaff.class 5KB