Closed pkemkes closed 8 months ago
You can change the user_id stored in your session if you inject SQL into the username or password field.
Proposed fix: Check whether the user_id exists before writing it into the session here: https://github.com/pkemkes/ctf-challenges/blob/main/y/src/app/views.py#L304
You can change the user_id stored in your session if you inject SQL into the username or password field.
Proposed fix: Check whether the user_id exists before writing it into the session here: https://github.com/pkemkes/ctf-challenges/blob/main/y/src/app/views.py#L304