ine-labs / AWSGoat

AWSGoat : A Damn Vulnerable AWS Infrastructure
MIT License

02-SQL Injection: documentation not accurate (SQLi does not reveal admin password) #10

Closed mathiasconradt closed 2 years ago

mathiasconradt commented 2 years ago

Minor issue on the solution docs - the 02-SQL Injection.md states:

Check the response, you will see that we have successfully managed to gain access to all the data of all the users, even sensitive data like passwords, phone, addresses, etc.

However, neither the password nor the secret answer is part of the response.

{
    "secretQuestion": "",
    "creationDate": "2022-01-25T00:00:00.000Z",
    "address": "Ap #662-2304 Phasellus Ave",
    "secretAnswer": "",
    "email": "dolor.fusce@aol.ca",
    "country": "Germany",
    "name": "Naida Dotson",
    "authLevel": "0",
    "password": "",
    "username": "naidadotson",
    "id": "1",
    "userStatus": "active",
    "phone": "329938731"
}

jeswinMathai commented 2 years ago

Thanks Mathias! We have updated the manuals with #13. Over the next few weeks, we will be refactoring the manuals and videos to make them more explanatory.