psiinon / bodgeit

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.

Additional SQLi attack in password servlet not counted as passed challenge -- change passwords of other users #20

Open julianthome opened 6 years ago

julianthome commented 6 years ago
  1. Go to password.jsp
  2. Put `12345' where name = 'admin@thebodgeitstore.com'--` in the password fields
  3. Go to login.jsp
  4. Log in with the new credentials admin@thebodgeitstore.com and password 12345
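To show why the payload in the steps above rewrites another user's password, here is an added example that is not part of this issue or of the BodgeIt code base. It reconstructs the string-concatenated UPDATE that the report implies (the `Users` table, its `name`/`password` columns and the exact query shape are assumptions, not BodgeIt's real schema), runs the payload against an in-memory SQLite database, and contrasts it with a parameterised version of the same update. The sample rows are constructed for the demo.

```python
import sqlite3

# Constructed sample accounts (not BodgeIt's real data).
USERS = [
    ("admin@thebodgeitstore.com", "adminpass"),
    ("user1@thebodgeitstore.com", "userpass"),
]

# The payload from the report, typed into the password fields while
# logged in as user1. The trailing "--" comments out the servlet's own
# WHERE clause, so the UPDATE is aimed at admin instead.
PAYLOAD = "12345' where name = 'admin@thebodgeitstore.com'--"


def fresh_db():
    """Build a throwaway database with the assumed Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (name TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def change_password_vulnerable(conn, username, new_password):
    """Hypothetical reconstruction of the concatenation pattern implied by
    the report: user input is spliced straight into the SQL text."""
    sql = ("UPDATE Users SET password = '" + new_password
           + "' WHERE name = '" + username + "'")
    conn.execute(sql)
    conn.commit()
    return sql


def change_password_safe(conn, username, new_password):
    """Same update with bound parameters: the payload is stored as a
    literal password string and never reaches the SQL parser."""
    conn.execute("UPDATE Users SET password = ? WHERE name = ?",
                 (new_password, username))
    conn.commit()


def password_of(conn, username):
    row = conn.execute("SELECT password FROM Users WHERE name = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def demo():
    """Run the payload through both versions as user1 and report who
    actually had their password changed."""
    results = {}

    conn = fresh_db()
    change_password_vulnerable(conn, "user1@thebodgeitstore.com", PAYLOAD)
    results["vuln_admin"] = password_of(conn, "admin@thebodgeitstore.com")
    results["vuln_user1"] = password_of(conn, "user1@thebodgeitstore.com")

    conn = fresh_db()
    change_password_safe(conn, "user1@thebodgeitstore.com", PAYLOAD)
    results["safe_admin"] = password_of(conn, "admin@thebodgeitstore.com")
    results["safe_user1"] = password_of(conn, "user1@thebodgeitstore.com")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With the concatenated query, admin's password becomes `12345` and user1's is untouched, which is exactly the login in step 4; with bound parameters, admin is unchanged and user1's password is simply the literal payload string. Any SQL dialect that treats `--` as a line comment (HSQLDB, which BodgeIt uses, included) behaves the same way.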