CNIT 120 Project 12: SQL Injection with WebGoat (15 pts.)

String SQL Injection

Start Webgoat as you did before, so you can see the WebGoat main page in a Web Browser.

On the left of the WebGoat window, click "Injection Flaws".

In the "Injection Flaws" section, click the fifth item, labelled "String SQL Injection", as shown below.

Note: Don't click the "Stage 1: String SQL Injection" link. That lesson requires a proxy and is beyond the scope of this course.

Click the Lesson Plan button. A box opens explaining the purpose of this lesson. Read it. Then click the gray "Close this window" text at the bottom of the box.

Do the exercise. If you get stuck, use the Hints button or the "Solution Videos" button.

When you complete the lesson, you will see a green check mark on the left side of the page, as shown below.

More SQL Injection Lessons

Do these two lessons the same way:

Modify Data with SQL Injection

Add Data with SQL Injection

When you complete the lessons, you will see three green check marks on the left side of the page, as shown below.

Save this image with a filename of Proj_12_from_Your_Name.

Email the image to with a subject of "Project 12 from YOUR NAME".

Last modified: 3-25-14