Differences
This shows you the differences between two versions of the page.
|
isc:labs:07 [2025/11/14 09:17] florin.stancu [Tasks] |
isc:labs:07 [2025/11/17 10:35] (current) florin.stancu |
||
|---|---|---|---|
| Line 126: | Line 126: | ||
| </code> | </code> | ||
| * Connect to the application using [[http://localhost:8080/]] (assuming you forwarded the port correctly) | * Connect to the application using [[http://localhost:8080/]] (assuming you forwarded the port correctly) | ||
| + | * Note:if you're running this inside WSL2, replace localhost with the IP address of the VM: ''ip addr show''! | ||
| * Login with ''test:test''; you fail to get any flag... try to become ''admin''! | * Login with ''test:test''; you fail to get any flag... try to become ''admin''! | ||
| * The most common approach when testing for SQL Injection is to input an apostrophe (''%%'%%'') in any of the provided fields ([[https://security.stackexchange.com/questions/67972/why-do-testers-often-use-the-single-quote-to-test-for-sql-injection]]) | * The most common approach when testing for SQL Injection is to input an apostrophe (''%%'%%'') in any of the provided fields ([[https://security.stackexchange.com/questions/67972/why-do-testers-often-use-the-single-quote-to-test-for-sql-injection]]) | ||
