Challenges | Without password | Cycubix Docs
PreviousChallenges | Admin Lost Password | Cycubix DocsNextChallenges | Admin Password Reset | Cycubix Docs
Last updated
Last updated
Can you login as Larry?
Solution
Intercept the request with ZAP or Burp.
If we modified the password we will get a responde saying there is a Java SQL Exception.
We will see from the Java SQL exception that we have a SQL Injection. We will try to change the password accordingly.
We can use the 'OR' statement to manipulate and have a true return, therefore bypassing authentication checks.
