Updated layout
subashsn committed Aug 17, 2018
1 parent 73ec868 commit ffe81de
Showing 4 changed files with 38 additions and 4 deletions.
Binary file modified docs/resources/sqli2.png
2 changes: 1 addition & 1 deletion docs/solution/a1-injection.md
Expand Up @@ -9,7 +9,7 @@ http://127.0.0.1:9090/app/usersearch
By injecting a single quote `'`, we see an error has occurred.
![sqli1](/resources/sqli1.png "SQLi Trigger")

An attacker can exploit this further and obtain potentially sensitive information from the database by supplying the input `' UNION SELECT password,1 from Users where login='user' #`
An attacker can exploit this further and obtain potentially sensitive information from the database by supplying the input `' UNION SELECT password,1 from Users where login='user' --`
![sqli2](/resources/sqli2.png "Exploiting SQLi")

**Vulnerable Code snippet**
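Review bot: The replacement input in the exploitation sentence swaps the trailing `#` for `--` without saying why, and SQL comment syntax differs between database engines (some require whitespace after `--`), so the doc should state which database the lab runs on and the documented input should be checked against the updated sqli2.png screenshot. This doc change and the binary screenshot replacement are also not covered by the commit message "Updated layout"; mention them there or move them to their own commit.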
29 changes: 26 additions & 3 deletions views/learn.ejs
Expand Up @@ -10,10 +10,21 @@
<div class='row'>
<div class='col-md-3'>
<div class='list-group'>
<h4>OWASP Top 10 2017</h4>
<% for (var vulnKey in vulnerabilities) { %>
<% if (vulnKey[1]!='x') { %>
<a href="/learn/vulnerability/<%=vulnKey%>" class='list-group-item'>
<i class='fa fa-angle-double-right'></i> <%=vulnerabilities[vulnKey]%>
</a>
<% } %>
<% } %>
<h4>OWASP Top 10 2013</h4>
<% for (var vulnKey in vulnerabilities) { %>
<% if (vulnKey[1]=='x') { %>
<a href="/learn/vulnerability/<%=vulnKey%>" class='list-group-item'>
<i class='fa fa-angle-double-right'></i> <%=vulnerabilities[vulnKey]%>
</a>
<% } %>
<% } %>
</div>
</div>
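Review bot: The `vulnKey[1]!='x'` and `vulnKey[1]=='x'` tests in the two sidebar loops depend on an undocumented naming convention (second character of the key is `x` for 2013 entries), so any key that does not follow it is silently filed under the wrong heading. Add a comment stating the convention, or better, carry the Top 10 edition as an explicit field on each entry in `vulnerabilities` and filter on that. Prefer `!==`/`===` here, and guard the `for...in` with a `hasOwnProperty` check (or iterate `Object.keys`) so inherited properties never render as links.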
Expand All @@ -29,11 +40,23 @@
<% } %>
<h3>Welcome to <strong>Damn Vulnerable NodeJS Application</strong></h3>
<p>The <i>Damn Vulnerable NodeJS Application</i> implements a set of intentionally vulnerable functions in NodeJS for learning purpose.
Start by selecting one of the vulnerability class from the left menu or select one of the link below: </p>

Start by selecting one of the vulnerability class from the left menu or select one of the link below </p>

<h4>OWASP Top 10 2017</h4>
<ul>

<% for (var vulnKey in vulnerabilities) { %>
<% if (vulnKey[1]!='x') { %>
<li><a href='/learn/vulnerability/<%=vulnKey%>'> <%=vulnerabilities[vulnKey]%> </a></li>
<% } %>
<% } %>
</ul>
<h4>OWASP Top 10 2013</h4>
<ul>
<% for (var vulnKey in vulnerabilities) { %>
<li><a href='/learn/vulnerability/<%=vulnKey%>'> <%=vulnerabilities[vulnKey]%> </a></li>
<% if (vulnKey[1]=='x') { %>
<li><a href='/learn/vulnerability/<%=vulnKey%>'> <%=vulnerabilities[vulnKey]%> </a></li>
<% } %>
<% } %>
</ul>
</div>
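Review bot: The two `<ul>` loops in the welcome panel repeat the same `vulnKey[1]` filter already used twice in the sidebar of this file, so the template walks `vulnerabilities` four times with the classification rule copied into each loop. Split the keys into a 2017 list and a 2013 list once, at the top of the template or in the route handler, and render both the sidebar and these lists from them. Minor: the intro sentence loses its trailing colon after "below" and still reads "one of the vulnerability class" and "one of the link"; "classes" and "links" would read better.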
11 changes: 11 additions & 0 deletions views/vulnerabilities/layout.ejs
Expand Up @@ -10,10 +10,21 @@
<div class='row'>
<div class='col-md-3'>
<div class='list-group'>
<h4>OWASP Top 10 2017</h4>
<% for (var vulnKey in vulnerabilities) { %>
<% if (vulnKey[1]!='x') { %>
<a href="/learn/vulnerability/<%=vulnKey%>" class='list-group-item'>
<i class='fa fa-angle-double-right'></i> <%=vulnerabilities[vulnKey]%>
</a>
<% } %>
<% } %>
<h4>OWASP Top 10 2013</h4>
<% for (var vulnKey in vulnerabilities) { %>
<% if (vulnKey[1]=='x') { %>
<a href="/learn/vulnerability/<%=vulnKey%>" class='list-group-item'>
<i class='fa fa-angle-double-right'></i> <%=vulnerabilities[vulnKey]%>
</a>
<% } %>
<% } %>
</div>
</div>
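Review bot: This sidebar block is a line-for-line copy of the one added to views/learn.ejs in the same commit, so the 2017/2013 grouping rule now lives in two templates that have to be kept in sync by hand. Move the sidebar into a shared partial and pull it into both views with EJS `include`, so a later change to the grouping is made in one place.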

0 comments on commit ffe81de