
Additional SQLi attack in registration servlet not counted as passed challenge -- dump all user passwords

Open julianthome opened this issue 6 years ago • 0 comments

It is possible to run a SQLi attack through the register.jsp servlet that allows attackers to dump the whole db.

  1. Go to register.jsp
  2. Put in Mich@el',Select password from Users where name LIKE 'admin%','12345')-- in the username field
  3. Put 12345 in the password fields
  4. Click register button
  5. Go to admin.jsp where the root password is displayed

julianthome, Dec 01 '17 10:12
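An added example, not part of the original issue and not BodgeIt's own code: it shows why the username from step 2 changes the statement when values are concatenated into an INSERT, and how a parameterized INSERT stores the same input as inert data. The INSERT shape, the `type` column, the function names and the sample admin row are assumptions, and SQLite stands in for the application's database.

```python
import re
import sqlite3

# Username value quoted from step 2 of the report above.
PAYLOAD = "Mich@el',Select password from Users where name LIKE 'admin%','12345')--"


def build_concatenated_insert(username, password):
    """Assumed shape of the vulnerable statement: values spliced into the SQL text."""
    return ("INSERT INTO Users (name, type, password) VALUES ('"
            + username + "', 'USER', '" + password + "')")


def sql_outside_literals(sql):
    """Mask single-quoted literals ('' is an escaped quote); the rest is parsed as SQL."""
    return re.sub(r"'(?:[^']|'')*'", "<lit>", sql)


def register_parameterized(conn, username, password):
    """Hardened form: fixed statement text, values passed as bound parameters."""
    conn.execute(
        "INSERT INTO Users (name, type, password) VALUES (?, 'USER', ?)",
        (username, password),
    )


def demo():
    conn = sqlite3.connect(":memory:")  # constructed sample database
    conn.execute("CREATE TABLE Users (name TEXT, type TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO Users VALUES ('admin@example.test', 'ADMIN', 'constructed-secret')"
    )
    register_parameterized(conn, PAYLOAD, "12345")
    stored = conn.execute(
        "SELECT name, type, password FROM Users WHERE type = 'USER'"
    ).fetchall()
    # The concatenated statement is only built and inspected, never executed.
    skeleton = sql_outside_literals(build_concatenated_insert(PAYLOAD, "12345"))
    return skeleton, stored


if __name__ == "__main__":
    skeleton, stored = demo()
    print("concatenated statement, literals masked:", skeleton)
    print("row stored by the parameterized insert:", stored)
```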