[WEB SECURITY] Web App vulnerable to HQL Injection?

Paul AMAR aos.paul at gmail.com
Thu Feb 13 04:48:02 EST 2014


Nice. I'll take a look today.

No problem for the "user friendly" thing.
I just want to practice with those vulnerabilities.


2014-02-13 10:36 GMT+01:00 Stephen de Vries <stephen at continuumsecurity.net>:

>
> On 13 Feb 2014, at 10:16, Paul AMAR <aos.paul at gmail.com> wrote:
>
>
> Do you know any Web app vulnerable to HQL Injection?
>
>
> Here's one I wrote and use for internal testing:
> https://github.com/continuumsecurity/RopeyTasks/ There's HQL injection
> in two of the Controllers, e.g.:
> https://github.com/continuumsecurity/RopeyTasks/blob/master/grails-app/controllers/net/continuumsecurity/ropeytasks/TaskController.groovy
>
> Best to download grails and run it from there so you can play with the
> code.  If you run: grails war, you can then copy the resulting .war file to
> any servlet container like Tomcat, Jetty etc.
>
> Disclaimer: this wasn't really designed for public consumption, just for
> my internal testing, so it's not as user friendly as DVWA and other
> vulnerable apps.
>
> regards,
> Stephen
>
>
>
>