Can you login as Larry?
LOGINarrow-up-right
Solution
Intercept the request with ZAP or Burp.
If we modified the password we will get a responde saying there is a Java SQL Exception.
We will see from the Java SQL exception that we have a SQL Injection. We will try to change the password accordingly.
We can use the 'OR' statement to manipulate and have a true return, therefore bypassing authentication checks.
Last updated 1 year ago
Was this helpful?
