Trailhead challenge - SOQL injection
Hi, I am stuck on the Trailhead challenge below and cannot understand what is wrong in my code.
Please help
Thanks in advance
Simulate a SOQL Injection Attack
For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
Please help
Thanks in advance
Simulate a SOQL Injection Attack
For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
- Pspk
- September 27, 2017
Salesforce Trailhead SOQL injection challenge
Hi, I am also facing a problem with the Salesforce Trailhead SOQL injection challenge. I have tried many ways but I am still getting an error.
Can you suggest where I am going wrong?
Thank you
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
can you suggest me where i am going wrong ?
Thank you
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
- Pspk
- September 25, 2017
Trailhead SOQL Injection Challenge
Hi, I am also facing a problem with the Salesforce Trailhead SOQL injection challenge. I have tried many ways but I am still getting an error.
Can you suggest where I am going wrong?
Thank you
Simulate a SOQL Injection Attack
For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
can you suggest me where i am going wrong ?
Thank you
Simulate a SOQL Injection Attack
For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
- Pspk
- September 21, 2017
Trailhead challenge - SOQL injection
Hi, I am stuck on the Trailhead challenge below and cannot understand what is wrong in my code.
Please help
Thanks in advance
Simulate a SOQL Injection Attack
For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
Please help
Thanks in advance
Simulate a SOQL Injection Attack
For this challenge, perform a SOQL injection on the search box to see information that is unintentionally exposed. Navigate to the SOQL Injection Challenge tab within the SOQL Injection application. You will see a search tool for the supply__c object. Use the search box to perform a SOQL injection which returns supplies meant for Nobles only. Hint: If you’ve done this successfully, your query should return one result containing Venison.
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
- Pspk
- September 27, 2017
Salesforce Trailhead SOQL injection challenge
Hi, I am also facing a problem with the Salesforce Trailhead SOQL injection challenge. I have tried many ways but I am still getting an error.
Can you suggest where I am going wrong?
Thank you
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
can you suggest me where i am going wrong ?
Thank you
SOQL_Injection_Challenge:
/**
 * Controller for the search tool of the Trailhead "SOQL Injection Challenge".
 * Deliberately vulnerable training fixture: the search text is concatenated
 * into a dynamic SOQL string without escaping or binding.
 */
public class SOQL_Injection_Challenge {
    // Search text; presumably bound to the page's search box (page markup not shown - confirm).
    public string textual {get; set;}
    // Rows returned by the most recent search.
    public List<Supply__c> whereclause_records {get; set;}

    /**
     * Searches Supply__c by name and stores at most 10 rows in whereclause_records.
     * Always returns null.
     */
    public PageReference whereclause_search(){
        // No search text: nothing is queried and earlier results are left untouched.
        if(textual == null || textual == ''){
            return null;
        }
        // FLAW (intentional in this fixture): textual is placed inside the quoted LIKE
        // literal unescaped, so a quote in the input ends the literal and the rest of
        // the input is parsed as SOQL. Outside a training org, use a static query with
        // a bind variable, or at minimum String.escapeSingleQuotes(textual).
        string filter = 'name like \'%'+textual+'%\' ';
        string soql = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c'
            +' where '+filter+' Limit 10';
        whereclause_records = database.query(soql);
        validate(filter,whereclause_records.size());
        return null;
    }

    /**
     * Bumps the c1__c counter on the cvcs__c record named 'sic1' when the WHERE
     * clause s still carries the LIKE wrapper, mentions Nobles_Only__c, and fewer
     * than 10 rows (i) came back.
     * Presumably this is how the challenge checker detects a completed attempt - confirm.
     */
    public void validate(string s, integer i){
        Boolean matched = s.contains('\'%') && s.containsIgnoreCase('Nobles_Only__c') && s.contains('%\'') && i<10;
        if(!matched){
            return;
        }
        cvcs__c counter = cvcs__c.getInstance('sic1');
        if(counter != null){
            counter.c1__c += 1;
        } else {
            // First hit: create the record with a count of 1.
            counter = new cvcs__c(name='sic1',c1__c = 1);
        }
        upsert counter;
    }
}
- Pspk
- September 25, 2017