we have to test a website for this software testing class and it's vulnerable to an SQL injection attack

but we can log in as admin anyway. still a bug but not a fun one

is there anything exciting i can do from inside a SELECT statement? i tried to UPDATE the database but i get a MySQL "Verify DB failed" error

oh here's something interesting, if not useful

your username that gets echoed on the page is always set to what you typed into the username field, not what the actual name of the account is

and when it echoes your username to the page, it isn't sanitized


this is what i decided was fun enough to call the teacher over to see (that is, to show off), and she actually asked me to email her details so she could show the head of the software development program. apparently he'll get a kick out of it :P


probably screenreader bad
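
An added example, not part of the original thread: a login handler hardened against the three behaviours described above (an injectable login query, a displayed name taken from the form field, and unescaped output). Python with an in-memory SQLite database stands in for the site's MySQL backend; the table layout and the names `make_db`, `login` and `greeting` are assumptions.

```python
import hashlib
import hmac
import html
import os
import sqlite3

# Assumed schema and helper names; SQLite stands in for the site's MySQL.

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, _hash("correct horse", salt)))
    return db

def login(db: sqlite3.Connection, typed_name: str, typed_password: str):
    """Return the stored account name on success, None otherwise."""
    # Placeholder binding: typed_name is passed as data and never becomes
    # part of the SQL text, so quotes in it cannot change the query.
    row = db.execute("SELECT name, salt, pw FROM users WHERE name = ?",
                     (typed_name,)).fetchone()
    if row is None:
        return None
    name, salt, pw = row
    if not hmac.compare_digest(pw, _hash(typed_password, salt)):
        return None
    # Return the canonical name from the row, not the form field.
    return name

def greeting(account_name: str) -> str:
    # Encode at output time, whatever the source of the value.
    return "<p>Logged in as " + html.escape(account_name) + "</p>"

if __name__ == "__main__":
    db = make_db()
    print(login(db, "admin", "correct horse"))
    print(login(db, "o'brien", "x"))
    print(greeting("<b>admin</b>"))
```
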

