Exercise 2.5 added
@@ -85,6 +85,13 @@
|
||||
"exerciseNr": 4,
|
||||
"descriptionDe": "Wir infiltrieren nun einen Account. Suche dir dafür aus der Liste der in Aufgabe 2.1 erhaltenen einen Account heraus, welcher die Rolle >>Super-Admin<< inne hat. Nur damit lässt sich die Dateiverwaltung welche wir später brauchen öffnen. Hast du den Account-Namen gefunden, gehe ins Login-Menü (logge dich aus, falls du noch angemeldet bist). Führe nun einen SQL-Injektion durch um diesen Account zu übernehmen.",
|
||||
"descriptionEn": "todo"
|
||||
},
|
||||
{
|
||||
"nameDe": "Bewertungen löschen",
|
||||
"nameEn": "Delete ratings",
|
||||
"exerciseNr": 5,
|
||||
"descriptionDe": "Jede Band hat Bewertungen auf einer Skala von eins bis fünf Sternen erhalten. Wir wollen alle Fünf-Sterne Bewertungen aus der Datenbank löschen. Schreibe eine SQL Injection, welche in der Tabelle >>Ratings<< alle Einträge mit der Bedingung >>rating = 5<< entfernt. Führe die Injection über die globale Suche aus.",
|
||||
"descriptionEn": "todo"
|
||||
}
|
||||
]
|
||||
},
|
||||
@@ -108,13 +115,6 @@
|
||||
"exerciseNr": 2,
|
||||
"descriptionDe": "Bearbeite die URL des Shops so, dass du das Script ausführen kannst",
|
||||
"descriptionEn": "Create an URL of the shop, which calls the script"
|
||||
},
|
||||
{
|
||||
"nameDe": "Hacken mit eigenem Script",
|
||||
"nameEn": "Hack with your script",
|
||||
"exerciseNr": 3,
|
||||
"descriptionDe": "Schreibe eine JavaScript Datei, lade sie über das Admin Panel hoch und kreiere eine URL, welche es ausführt",
|
||||
"descriptionEn": "Write our own JavaScript file, upload it via Admin Panel and create an URL to execute it"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
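Review bot: The new exercise 2.5 entry ships with `"descriptionEn": "todo"` (the 2.4 entry above it carries the same placeholder), so English-locale users will see the literal word "todo" as the task text; the value should carry an English rendering of the German `descriptionDe` before this is used. The second hunk of this file (`@@ -108,13 +115,6 @@`) also drops an entry (`Hacken mit eigenem Script`, exercise 3 of a later chapter) that the commit title "Exercise 2.5 added" does not mention. If that is chapter 3's exercise 3, the `EXERCISESOLVED33` handling that survives in the enum and the stores becomes unreachable and should either be removed in the same commit or the deletion explained in the message.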
@@ -144,16 +144,16 @@ band.get("/search", async (req: Request, res: Response) => {
|
||||
res.status(200).json(results)
|
||||
} else {
|
||||
Band.findAll({
|
||||
where: {
|
||||
name: {
|
||||
[Op.substring]: req.query.value
|
||||
where: {
|
||||
name: {
|
||||
[Op.substring]: req.query.value
|
||||
},
|
||||
},
|
||||
},
|
||||
include: [ Concert, Genre ]
|
||||
})
|
||||
.then(bands => {
|
||||
res.status(200).json(bands)
|
||||
include: [ Concert, Genre ]
|
||||
})
|
||||
.then(bands => {
|
||||
res.status(200).json(bands)
|
||||
})
|
||||
}
|
||||
})
|
||||
|
||||
|
||||
@@ -21,20 +21,20 @@ export enum BannerStateEnum {
|
||||
|
||||
EXERCISESOLVED12,
|
||||
|
||||
EXERCISESOLVED13,
|
||||
|
||||
EXERCISESOLVED21,
|
||||
|
||||
EXERCISESOLVED22,
|
||||
|
||||
EXERCISESOLVED23,
|
||||
|
||||
EXERCISESOLVED24,
|
||||
|
||||
EXERCISESOLVED25,
|
||||
|
||||
EXERCISESOLVED31,
|
||||
|
||||
EXERCISESOLVED32,
|
||||
|
||||
EXERCISESOLVED33,
|
||||
|
||||
|
||||
////////// API Endpoint /api //////////
|
||||
|
||||
|
||||
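Review bot: `EXERCISESOLVED25` is inserted into the middle of a numeric enum (no explicit initialisers are visible in this hunk), which renumbers `EXERCISESOLVED31` and every member after it. That is harmless while the values only live in memory, but if any banner state is persisted, logged or compared against a stored number anywhere, the meaning of those numbers silently changes with this commit. A string enum (`EXERCISESOLVED25 = "EXERCISESOLVED25",`) or a union of string literals would make later insertions order-independent. The enum's opening line and its first members are outside this hunk.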
@@ -195,10 +195,6 @@ export const useAccountStore = defineStore("accountStore", {
|
||||
})
|
||||
},
|
||||
|
||||
async getAdresses() {
|
||||
|
||||
},
|
||||
|
||||
/**
|
||||
* Remove an address from the user model
|
||||
*
|
||||
@@ -221,10 +217,6 @@ export const useAccountStore = defineStore("accountStore", {
|
||||
)
|
||||
},
|
||||
|
||||
editAccount(item: AccountModel) {
|
||||
// todo
|
||||
},
|
||||
|
||||
async deleteAccount(account: AccountModel) {
|
||||
this.fetchInProgress = true
|
||||
|
||||
|
||||
@@ -81,7 +81,6 @@ export const useExerciseStore = defineStore("exerciseStore", {
|
||||
switch(exerciseNr) {
|
||||
case 1: bannerState = BannerStateEnum.EXERCISESOLVED11; break;
|
||||
case 2: bannerState = BannerStateEnum.EXERCISESOLVED12; break;
|
||||
case 3: bannerState = BannerStateEnum.EXERCISESOLVED13; break;
|
||||
}
|
||||
|
||||
break;
|
||||
@@ -92,6 +91,8 @@ export const useExerciseStore = defineStore("exerciseStore", {
|
||||
case 1: bannerState = BannerStateEnum.EXERCISESOLVED21; break;
|
||||
case 2: bannerState = BannerStateEnum.EXERCISESOLVED22; break;
|
||||
case 3: bannerState = BannerStateEnum.EXERCISESOLVED23; break;
|
||||
case 4: bannerState = BannerStateEnum.EXERCISESOLVED24; break;
|
||||
case 5: bannerState = BannerStateEnum.EXERCISESOLVED25; break;
|
||||
}
|
||||
|
||||
break;
|
||||
@@ -101,7 +102,6 @@ export const useExerciseStore = defineStore("exerciseStore", {
|
||||
switch(exerciseNr) {
|
||||
case 1: bannerState = BannerStateEnum.EXERCISESOLVED31; break;
|
||||
case 2: bannerState = BannerStateEnum.EXERCISESOLVED32; break;
|
||||
case 3: bannerState = BannerStateEnum.EXERCISESOLVED33; break;
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
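Review bot: The inner `switch(exerciseNr)` blocks (the one gaining `case 5` and the two sibling hunks) have no `default`, so a chapter/exercise pair without a mapping — exactly what happens when an exercise is added to the data file but not here — leaves `bannerState` at whatever it was initialised to, and that initialisation and the enclosing function are outside this hunk. A `default` branch in each inner switch would surface the missing mapping instead of showing a stale or wrong banner: `default: console.warn("no banner state for exercise nr " + exerciseNr);`. Whether a throw is preferable depends on how the caller handles errors, which is not visible here.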
@@ -74,10 +74,6 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [1, 2])
|
||||
|
||||
|
||||
case BannerStateEnum.EXERCISESOLVED13:
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [1, 3])
|
||||
|
||||
|
||||
case BannerStateEnum.EXERCISESOLVED21:
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 1])
|
||||
|
||||
@@ -89,6 +85,12 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
||||
case BannerStateEnum.EXERCISESOLVED23:
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 3])
|
||||
|
||||
case BannerStateEnum.EXERCISESOLVED24:
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 4])
|
||||
|
||||
case BannerStateEnum.EXERCISESOLVED25:
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [2, 5])
|
||||
|
||||
|
||||
case BannerStateEnum.EXERCISESOLVED31:
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 1])
|
||||
@@ -98,10 +100,6 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 2])
|
||||
|
||||
|
||||
case BannerStateEnum.EXERCISESOLVED33:
|
||||
return this.i18n.t("bannerMessages.exerciseSolvedNr", [3, 3])
|
||||
|
||||
|
||||
|
||||
////////// API Endpoint /api //////////
|
||||
|
||||
@@ -208,13 +206,13 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
||||
case BannerStateEnum.EXERCISESOLVED03:
|
||||
case BannerStateEnum.EXERCISESOLVED11:
|
||||
case BannerStateEnum.EXERCISESOLVED12:
|
||||
case BannerStateEnum.EXERCISESOLVED13:
|
||||
case BannerStateEnum.EXERCISESOLVED21:
|
||||
case BannerStateEnum.EXERCISESOLVED22:
|
||||
case BannerStateEnum.EXERCISESOLVED23:
|
||||
case BannerStateEnum.EXERCISESOLVED24:
|
||||
case BannerStateEnum.EXERCISESOLVED25:
|
||||
case BannerStateEnum.EXERCISESOLVED31:
|
||||
case BannerStateEnum.EXERCISESOLVED32:
|
||||
case BannerStateEnum.EXERCISESOLVED33:
|
||||
return "purple"
|
||||
|
||||
case BannerStateEnum.BASKETPRODUCTREMOVED:
|
||||
@@ -239,13 +237,13 @@ export const useFeedbackStore = defineStore("feedbackStore", {
|
||||
case BannerStateEnum.EXERCISESOLVED03:
|
||||
case BannerStateEnum.EXERCISESOLVED11:
|
||||
case BannerStateEnum.EXERCISESOLVED12:
|
||||
case BannerStateEnum.EXERCISESOLVED13:
|
||||
case BannerStateEnum.EXERCISESOLVED21:
|
||||
case BannerStateEnum.EXERCISESOLVED22:
|
||||
case BannerStateEnum.EXERCISESOLVED23:
|
||||
case BannerStateEnum.EXERCISESOLVED24:
|
||||
case BannerStateEnum.EXERCISESOLVED25:
|
||||
case BannerStateEnum.EXERCISESOLVED31:
|
||||
case BannerStateEnum.EXERCISESOLVED32:
|
||||
case BannerStateEnum.EXERCISESOLVED33:
|
||||
return "mdi-check-circle-outline"
|
||||
|
||||
case BannerStateEnum.DATABASERESETSUCCESSFUL:
|
||||
|
||||
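Review bot: Registering exercise 2.5 requires three parallel edits in this store — the message switch (`case BannerStateEnum.EXERCISESOLVED25:` returning `[2, 5]`), the colour fall-through list and the icon fall-through list — on top of the enum and exerciseStore changes, and nothing checks that all of them agree. The chapter/exercise pair passed to `i18n.t` repeats what the enum name already encodes. A single lookup table such as `Record<BannerStateEnum, [number, number]>` for the solved states, or a predicate `isExerciseSolvedState(state)` that the colour and icon switches consult, would remove the duplication and turn a forgotten entry into a compile-time error rather than a banner with the wrong colour or icon. The getters these switches belong to start outside the hunks.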
@@ -38,12 +38,15 @@ export const useSearchStore = defineStore("searchStore", {
|
||||
this.fetchInProgress = true
|
||||
|
||||
// Exercise solutions
|
||||
// todo: Rewrite to avoid easy exercise solution
|
||||
if (this.searchTerm.endsWith("'); SELECT * FROM Accounts; --")) {
|
||||
exerciseStore.solveExercise(2, 1)
|
||||
} else if (this.searchTerm.endsWith("'); SELECT * FROM AccountRoles; --")) {
|
||||
exerciseStore.solveExercise(2, 2)
|
||||
} else if (this.searchTerm.includes("'); UPDATE Accounts SET accountRoleId = 2 WHERE username = ")) {
|
||||
exerciseStore.solveExercise(2, 3)
|
||||
} else if (this.searchTerm.includes("'); DELETE FROM Ratings WHERE rating = 5;")) {
|
||||
exerciseStore.solveExercise(2, 5)
|
||||
}
|
||||
|
||||
await fetchBandsBySearchTerm(this.searchTerm)
|
||||
|
||||
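Review bot: The new `includes("'); DELETE FROM Ratings WHERE rating = 5;")` branch credits exercise 2.5 before `fetchBandsBySearchTerm` has run, and it credits it on the text of the search term alone rather than on the outcome the task describes (no five-star ratings left). A request that never reaches the backend still marks the exercise solved, while an attempt that does delete the rows but is spelled differently (`rating=5`, different casing or whitespace) is not recognised because the match is an exact substring. The same applies to the three existing branches above it, and the `todo` comment on the preceding line already flags the pattern. Moving the check below the `await`, and ideally having the backend report whether the `Ratings` table still contains `rating = 5` rows, would tie the credit to what actually happened.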