bodgeit
Additional SQLi attack in registration servlet not counted as passed challenge -- dump all user passwords
It is possible to run a SQLi attack through the `register.jsp` servlet that allows attackers to dump the whole db.
- Go to `register.jsp`
- Put in `Mich@el',Select password from Users where name LIKE 'admin%','12345')--` in the username field
- Put `12345` in the password fields
- Click register button
- Go to `admin.jsp` where the root password is displayed
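The mitigation for the report above, as an added example that is not bodgeit's own code: the registration insert written with bound parameters, next to the concatenated pattern that lets the reported username change the statement. The three-column `Users` schema, the helper names and the SQLite stand-in database are assumptions made for illustration.

```python
import sqlite3

# Constructed schema: the three-column layout is an assumption inferred from
# the three values in the reported input, not bodgeit's real table.
SCHEMA = "CREATE TABLE Users (name TEXT PRIMARY KEY, type TEXT, password TEXT)"

# Username value quoted from the report.
REPORTED_NAME = ("Mich@el',Select password from Users "
                 "where name LIKE 'admin%','12345')--")


def new_db():
    """In-memory database with one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.execute("INSERT INTO Users VALUES (?, ?, ?)",
               ("admin@example.test", "ADMIN", "constructed-admin-secret"))
    return db


def concatenated_sql(name, password):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    return ("INSERT INTO Users (name, type, password) VALUES ('"
            + name + "', 'USER', '" + password + "')")


def register_user(db, name, password):
    """Hardened pattern: input travels as bound parameters, never as SQL."""
    db.execute("INSERT INTO Users (name, type, password) VALUES (?, 'USER', ?)",
               (name, password))
    db.commit()


def user_row(db, name):
    return db.execute("SELECT name, type, password FROM Users WHERE name = ?",
                      (name,)).fetchone()


if __name__ == "__main__":
    db = new_db()
    # With concatenation the quote after Mich@el ends the string literal, so
    # the rest of the input is parsed as SQL and "--" hides the real tail.
    print(concatenated_sql(REPORTED_NAME, "12345"))
    register_user(db, REPORTED_NAME, "12345")
    # With binding the whole input is stored as an odd-looking user name.
    print(user_row(db, REPORTED_NAME))
```

In the project's Java, the equivalent is a `PreparedStatement` with `?` placeholders in place of string concatenation.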