Challenges | Without password | Cycubix Docs

Can you login as Larry?



  • Intercept the request with ZAP or Burp.

  • If we modified the password we will get a responde saying there is a Java SQL Exception.

  • We will see from the Java SQL exception that we have a SQL Injection. We will try to change the password accordingly.

  • We can use the 'OR' statement to manipulate and have a true return, therefore bypassing authentication checks.

Last updated