mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-27 14:54:05 -06:00
vault backup: 2022-09-08 11:23:34
This commit is contained in:
Jet Hughes
parent
45b7fe7255
commit
1df6f9343f
@ -23,10 +23,14 @@ Jet Hughes - 9474308
|
||||
- we are able to extract data which is displayed as the users username
|
||||
- we can extract the data from the data base using this "username"
|
||||
- ' union select group_concat(username||':'||password||':'||name||':'||credit_card_number||':'||credit_card_expiry||':'||credit_card_cvv) from user as name;--
|
||||
- I was able to crack 48 of the 101 passwords using the rockyou wordlist. I'm sure It would not be difficult to crack more.
|
||||
- I was able to crack 48 of the 101 passwords using the rockyou wordlist. I'm sure It would not be difficult to crack more.
|
||||
- you cant also update the data. E.g., set the price of all products to zero using this as a username in the login box
|
||||
- '; update PRODUCT set UNIT_PRICE = 0 where 1=1;--
|
||||
|
||||
## Javascript Injection
|
||||
|
||||
- I could be possible to perform a javascript injection as the users name is displayed in the website. and prodcut information is displayed in the view catalogue page
|
||||
- You could update a products name to be a script which would then run on others systems
|
||||
- e.g. '; update PRODUCT set DESCRIPTION = '<script>alert("hello")</script>' where PRODUCT_ID = 67696;--
|
||||
|
||||
## Path traversal
|
||||
## Network-Level security
|
||||
|
||||
Loading…
Reference in New Issue
Block a user