[OWASP-WEBGOAT]Problem with "Perform a blind SQL Injection"

Chuck chuck.lists at gmail.com
Fri Dec 9 16:48:22 EST 2005 

Yes, that was my fault.  When I wrote that lesson I thought WebGoat
was no longer supported on non-Windows systems.  I'll update the
lesson to work on both systems.  The line you mentioned needs to be
changed, but all the hints are assuming you are using the MS Access
back end, too, so they need to be updated.

Chuck

On 12/9/05, Bruce Mayhew <bruce.mayhew at aspectsecurity.com> wrote:
> David
>
> This is most likely a problem with the enhydra DB we use for Linux.  I'll
> try to get the fix for this in the patch release which should be released
> soon.  Unfortunately, this one is a bug.
>
> Bruce.
>
>
> ----- Original Message -----
> From: "David Echarri" <davidecharri at yahoo.es>
> To: <owasp-webgoat at lists.sourceforge.net>
> Sent: Friday, December 09, 2005 11:50 AM
> Subject: [OWASP-WEBGOAT]Problem with "Perform a blind SQL Injection"
>
>
> > Hi everyone!
> >
> > I've installed WebGoat 3.7 under Linux, and found a
> > problem when doing the test "How to perform Blind SQL
> > Injection".
> >
> > The screen WebGoat presents to me always says "An
> > error ocurred, please try again", which is given when
> > an SQL Exception has been thrown.
> >
> > The log file has several entry like the following one:
> >
> > http-80-Processor25 SELECT TOP 1 first_name FROM
> > user_data WHERE userid = 15613
> > Don't understand SQL after: "SELECT"
> > Expected: "INTO" found: "first_name"
> >
> > If anyone could give me a hint on how to solve the
> > problem,
> > I would greatly appreciate it!
> >
> > Greetings,
> >
> > David Echarri
> >
> >
> >
> > ______________________________________________
> > Renovamos el Correo Yahoo!
> > Nuevos servicios, más seguridad
> > http://correo.yahoo.es
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc. Do you grep through log
> > files
> > for problems?  Stop!  Download the new AJAX search engine that makes
> > searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> > http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> > _______________________________________________
> > OWASP-WEBGOAT mailing list
> > OWASP-WEBGOAT at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/owasp-webgoat
> >
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> OWASP-WEBGOAT mailing list
> OWASP-WEBGOAT at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-webgoat
>

More information about the Owasp-webgoat mailing list