Exercise 2.5 added
This commit is contained in:
@@ -85,6 +85,13 @@
|
|||||||
"exerciseNr": 4,
|
"exerciseNr": 4,
|
||||||
"descriptionDe": "Wir infiltrieren nun einen Account. Suche dir dafür aus der Liste der in Aufgabe 2.1 erhaltenen einen Account heraus, welcher die Rolle >>Super-Admin<< inne hat. Nur damit lässt sich die Dateiverwaltung welche wir später brauchen öffnen. Hast du den Account-Namen gefunden, gehe ins Login-Menü (logge dich aus, falls du noch angemeldet bist). Führe nun einen SQL-Injektion durch um diesen Account zu übernehmen.",
|
"descriptionDe": "Wir infiltrieren nun einen Account. Suche dir dafür aus der Liste der in Aufgabe 2.1 erhaltenen einen Account heraus, welcher die Rolle >>Super-Admin<< inne hat. Nur damit lässt sich die Dateiverwaltung welche wir später brauchen öffnen. Hast du den Account-Namen gefunden, gehe ins Login-Menü (logge dich aus, falls du noch angemeldet bist). Führe nun einen SQL-Injektion durch um diesen Account zu übernehmen.",
|
||||||
"descriptionEn": "todo"
|
"descriptionEn": "todo"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"nameDe": "Bewertungen löschen",
|
||||||
|
"nameEn": "Delete ratings",
|
||||||
|
"exerciseNr": 5,
|
||||||
|
"descriptionDe": "Jede Band hat Bewertungen auf einer Skala von eins bis fünf Sternen erhalten. Wir wollen alle Fünf-Sterne Bewertungen aus der Datenbank löschen. Schreibe eine SQL Injection, welche in der Tabelle >>Ratings<< alle Einträge mit der Bedingung >>rating = 5<< entfernt. Führe die Injection über die globale Suche aus.",
|
||||||
|
"descriptionEn": "todo"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@@ -108,13 +115,6 @@
|
|||||||
"exerciseNr": 2,
|
"exerciseNr": 2,
|
||||||
"descriptionDe": "Bearbeite die URL des Shops so, dass du das Script ausführen kannst",
|
"descriptionDe": "Bearbeite die URL des Shops so, dass du das Script ausführen kannst",
|
||||||
"descriptionEn": "Create an URL of the shop, which calls the script"
|
"descriptionEn": "Create an URL of the shop, which calls the script"
|
||||||
},
|
|
||||||
{
|
|
||||||
"nameDe": "Hacken mit eigenem Script",
|
|
||||||
"nameEn": "Hack with your script",
|
|
||||||
"exerciseNr": 3,
|
|
||||||
"descriptionDe": "Schreibe eine JavaScript Datei, lade sie über das Admin Panel hoch und kreiere eine URL, welche es ausführt",
|
|
||||||
"descriptionEn": "Write our own JavaScript file, upload it via Admin Panel and create an URL to execute it"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -144,16 +144,16 @@ band.get("/search", async (req: Request, res: Response) => {
|
|||||||
res.status(200).json(results)
|
res.status(200).json(results)
|
||||||
} else {
|
} else {
|
||||||
Band.findAll({
|
Band.findAll({
|
||||||
where: {
|
where: {
|
||||||
name: {
|
name: {
|
||||||
[Op.substring]: req.query.value
|
[Op.substring]: req.query.value
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
include: [ Concert, Genre ]
|
||||||
include: [ Concert, Genre ]
|
|
||||||
})
|
|
||||||
.then(bands => {
|
|
||||||
res.status(200).json(bands)
|
|
||||||
})
|
})
|
||||||
|
.then(bands => {
|
||||||
|
res.status(200).json(bands)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|||||||
@@ -21,20 +21,20 @@ export enum BannerStateEnum {
|
|||||||
|
|
||||||
EXERCISESOLVED12,
|
EXERCISESOLVED12,
|
||||||
|
|
||||||
EXERCISESOLVED13,
|
|
||||||
|
|
||||||
EXERCISESOLVED21,
|
EXERCISESOLVED21,
|
||||||
|
|
||||||
EXERCISESOLVED22,
|
EXERCISESOLVED22,
|
||||||
|
|
||||||
EXERCISESOLVED23,
|
EXERCISESOLVED23,
|
||||||
|
|
||||||
|
EXERCISESOLVED24,
|
||||||
|
|
||||||
|
EXERCISESOLVED25,
|
||||||
|
|
||||||
EXERCISESOLVED31,
|
EXERCISESOLVED31,
|
||||||
|
|
||||||
EXERCISESOLVED32,
|
EXERCISESOLVED32,
|
||||||
|
|
||||||
EXERCISESOLVED33,
|
|
||||||
|
|
||||||
|
|
||||||
////////// API Endpoint /api //////////
|
////////// API Endpoint /api //////////
|
||||||
|
|
||||||
|
|||||||
@@ -195,10 +195,6 @@ export const useAccountStore = defineStore("accountStore", {
|
|||||||
})
|
})
|
||||||
},
|
},
|
||||||
|
|
||||||
async getAdresses() {
|
|
||||||
|
|
||||||
},
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Remove an address from the user model
|
* Remove an address from the user model
|
||||||
*
|
*
|
||||||
@@ -221,10 +217,6 @@ export const useAccountStore = defineStore("accountStore", {
|
|||||||
)
|
)
|
||||||
},
|
},
|
||||||
|
|
||||||
editAccount(item: AccountModel) {
|
|
||||||
// todo
|
|
||||||
},
|
|
||||||
|
|
||||||
async deleteAccount(account: AccountModel) {
|
async deleteAccount(account: AccountModel) {
|
||||||
this.fetchInProgress = true
|
this.fetchInProgress = true
|
||||||
|
|
||||||
|
|||||||
@@ -81,7 +81,6 @@ export const useExerciseStore = defineStore("exerciseStore", {
|
|||||||
switch(exerciseNr) {
|
switch(exerciseNr) {
|
||||||
case 1: bannerState = BannerStateEnum.EXERCISESOLVED11; break;
|
case 1: bannerState = BannerStateEnum.EXERCISESOLVED11; break;
|
||||||
case 2: bannerState = BannerStateEnum.EXERCISESOLVED12; break;
|
case 2: bannerState = BannerStateEnum.EXERCISESOLVED12; break;
|
||||||
case 3: bannerState = BannerStateEnum.EXERCISESOLVED13; break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
@@ -92,6 +91,8 @@ export const useExerciseStore = defineStore("exerciseStore", {
|
|||||||
case 1: bannerState = BannerStateEnum.EXERCISESOLVED21; break;
|
case 1: bannerState = BannerStateEnum.EXERCISESOLVED21; break;
|
||||||
case 2: bannerState = BannerStateEnum.EXERCISESOLVED22; break;
|
case 2: bannerState = BannerStateEnum.EXERCISESOLVED22; break;
|
||||||
case 3: bannerState = BannerStateEnum.EXERCISESOLVED23; break;
|
case 3: bannerState = BannerStateEnum.EXERCISESOLVED23; break;
|
||||||
|
case 4: bannerState = BannerStateEnum.EXERCISESOLVED24; break;
|
||||||
|
case 5: bannerState = BannerStateEnum.EXERCISESOLVED25; break;
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
@@ -101,7 +102,6 @@ export const useExerciseStore = defineStore("exerciseStore", {
|
|||||||
switch(exerciseNr) {
|
switch(exerciseNr) {
|
||||||
case 1: bannerState = BannerStateEnum.EXERCISESOLVED31; break;
|
case 1: bannerState = BannerStateEnum.EXERCISESOLVED31; break;
|
||||||
case 2: bannerState = BannerStateEnum.EXERCISESOLVED32; break;
|
case 2: bannerState = BannerStateEnum.EXERCISESOLVED32; break;
|
||||||
case 3: bannerState = BannerStateEnum.EXERCISESOLVED33; break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -74,10 +74,6 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
|||||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [1, 2])
|
return this.i18n.t("bannerMessages.exerciseSolvedNr", [1, 2])
|
||||||
|
|
||||||
|
|
||||||
case BannerStateEnum.EXERCISESOLVED13:
|
|
||||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [1, 3])
|
|
||||||
|
|
||||||
|
|
||||||
case BannerStateEnum.EXERCISESOLVED21:
|
case BannerStateEnum.EXERCISESOLVED21:
|
||||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 1])
|
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 1])
|
||||||
|
|
||||||
@@ -89,6 +85,12 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
|||||||
case BannerStateEnum.EXERCISESOLVED23:
|
case BannerStateEnum.EXERCISESOLVED23:
|
||||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 3])
|
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 3])
|
||||||
|
|
||||||
|
case BannerStateEnum.EXERCISESOLVED24:
|
||||||
|
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 4])
|
||||||
|
|
||||||
|
case BannerStateEnum.EXERCISESOLVED25:
|
||||||
|
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 5])
|
||||||
|
|
||||||
|
|
||||||
case BannerStateEnum.EXERCISESOLVED31:
|
case BannerStateEnum.EXERCISESOLVED31:
|
||||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 1])
|
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 1])
|
||||||
@@ -98,10 +100,6 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
|||||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 2])
|
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 2])
|
||||||
|
|
||||||
|
|
||||||
case BannerStateEnum.EXERCISESOLVED33:
|
|
||||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 3])
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
////////// API Endpoint /api //////////
|
////////// API Endpoint /api //////////
|
||||||
|
|
||||||
@@ -208,13 +206,13 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
|||||||
case BannerStateEnum.EXERCISESOLVED03:
|
case BannerStateEnum.EXERCISESOLVED03:
|
||||||
case BannerStateEnum.EXERCISESOLVED11:
|
case BannerStateEnum.EXERCISESOLVED11:
|
||||||
case BannerStateEnum.EXERCISESOLVED12:
|
case BannerStateEnum.EXERCISESOLVED12:
|
||||||
case BannerStateEnum.EXERCISESOLVED13:
|
|
||||||
case BannerStateEnum.EXERCISESOLVED21:
|
case BannerStateEnum.EXERCISESOLVED21:
|
||||||
case BannerStateEnum.EXERCISESOLVED22:
|
case BannerStateEnum.EXERCISESOLVED22:
|
||||||
case BannerStateEnum.EXERCISESOLVED23:
|
case BannerStateEnum.EXERCISESOLVED23:
|
||||||
|
case BannerStateEnum.EXERCISESOLVED24:
|
||||||
|
case BannerStateEnum.EXERCISESOLVED25:
|
||||||
case BannerStateEnum.EXERCISESOLVED31:
|
case BannerStateEnum.EXERCISESOLVED31:
|
||||||
case BannerStateEnum.EXERCISESOLVED32:
|
case BannerStateEnum.EXERCISESOLVED32:
|
||||||
case BannerStateEnum.EXERCISESOLVED33:
|
|
||||||
return "purple"
|
return "purple"
|
||||||
|
|
||||||
case BannerStateEnum.BASKETPRODUCTREMOVED:
|
case BannerStateEnum.BASKETPRODUCTREMOVED:
|
||||||
@@ -239,13 +237,13 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
|||||||
case BannerStateEnum.EXERCISESOLVED03:
|
case BannerStateEnum.EXERCISESOLVED03:
|
||||||
case BannerStateEnum.EXERCISESOLVED11:
|
case BannerStateEnum.EXERCISESOLVED11:
|
||||||
case BannerStateEnum.EXERCISESOLVED12:
|
case BannerStateEnum.EXERCISESOLVED12:
|
||||||
case BannerStateEnum.EXERCISESOLVED13:
|
|
||||||
case BannerStateEnum.EXERCISESOLVED21:
|
case BannerStateEnum.EXERCISESOLVED21:
|
||||||
case BannerStateEnum.EXERCISESOLVED22:
|
case BannerStateEnum.EXERCISESOLVED22:
|
||||||
case BannerStateEnum.EXERCISESOLVED23:
|
case BannerStateEnum.EXERCISESOLVED23:
|
||||||
|
case BannerStateEnum.EXERCISESOLVED24:
|
||||||
|
case BannerStateEnum.EXERCISESOLVED25:
|
||||||
case BannerStateEnum.EXERCISESOLVED31:
|
case BannerStateEnum.EXERCISESOLVED31:
|
||||||
case BannerStateEnum.EXERCISESOLVED32:
|
case BannerStateEnum.EXERCISESOLVED32:
|
||||||
case BannerStateEnum.EXERCISESOLVED33:
|
|
||||||
return "mdi-check-circle-outline"
|
return "mdi-check-circle-outline"
|
||||||
|
|
||||||
case BannerStateEnum.DATABASERESETSUCCESSFUL:
|
case BannerStateEnum.DATABASERESETSUCCESSFUL:
|
||||||
|
|||||||
@@ -38,12 +38,15 @@ export const useSearchStore = defineStore("searchStore", {
|
|||||||
this.fetchInProgress = true
|
this.fetchInProgress = true
|
||||||
|
|
||||||
// Exercise solutions
|
// Exercise solutions
|
||||||
|
// todo: Rewrite to avoid easy exercise solution
|
||||||
if (this.searchTerm.endsWith("'); SELECT * FROM Accounts; --")) {
|
if (this.searchTerm.endsWith("'); SELECT * FROM Accounts; --")) {
|
||||||
exerciseStore.solveExercise(2, 1)
|
exerciseStore.solveExercise(2, 1)
|
||||||
} else if (this.searchTerm.endsWith("'); SELECT * FROM AccountRoles; --")) {
|
} else if (this.searchTerm.endsWith("'); SELECT * FROM AccountRoles; --")) {
|
||||||
exerciseStore.solveExercise(2, 2)
|
exerciseStore.solveExercise(2, 2)
|
||||||
} else if (this.searchTerm.includes("'); UPDATE Accounts SET accountRoleId = 2 WHERE username = ")) {
|
} else if (this.searchTerm.includes("'); UPDATE Accounts SET accountRoleId = 2 WHERE username = ")) {
|
||||||
exerciseStore.solveExercise(2, 3)
|
exerciseStore.solveExercise(2, 3)
|
||||||
|
} else if (this.searchTerm.includes("'); DELETE FROM Ratings WHERE rating = 5;")) {
|
||||||
|
exerciseStore.solveExercise(2, 5)
|
||||||
}
|
}
|
||||||
|
|
||||||
await fetchBandsBySearchTerm(this.searchTerm)
|
await fetchBandsBySearchTerm(this.searchTerm)
|
||||||
|
|||||||
Reference in New Issue
Block a user