bodgeit
bodgeit copied to clipboard
Additional SQLi attack in registration servlet not counted as passed challenge -- register as administrator
It is possible to run a SQLi attack through the register.jsp servlet that allows new users to register as administrator.
- Go to
register.jsp
- Put in
H@ans','ADMIN','12345')
in the username field - Put
12345
in the password fields - Click register button
- Go to
admin.jsp
where the user is listed as root user