robertrichards-checkmarx / bodgeit

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.

CX Second_Order_SQL_Injection @ /root/login.jsp [master] #4

Open robertrichards-checkmarx opened 3 years ago

robertrichards-checkmarx commented 3 years ago

Second_Order_SQL_Injection issue exists @ /root/login.jsp in branch master

Severity: high

Checkmarx

Lines: 15


Code (Line #15):

        rs = stmt.executeQuery("SELECT * FROM Users WHERE (name = '" + username + "' AND password = '" + password + "')");

robertrichards-checkmarx commented 3 years ago

Issue still exists.

robertrichards-checkmarx commented 3 years ago

Issue still exists.

robertrichards-checkmarx commented 3 years ago

Issue still exists.

robertrichards-checkmarx commented 3 years ago

Issue still exists.

robertrichards-checkmarx commented 3 years ago

Issue still exists.