[WEB SECURITY] Web App vulnerable to HQL Injection ?

prasanna.k prasanna.in at gmail.com
Thu Feb 13 04:56:37 EST 2014


Thanks for the share guys.

PK


On Thu, Feb 13, 2014 at 3:18 PM, Paul AMAR <aos.paul at gmail.com> wrote:

> Nice. I'll take a look today.
>
> No problem for the "user friendly" thing.
> I just want to practice with those vulnerabilities.
>
>
> 2014-02-13 10:36 GMT+01:00 Stephen de Vries <stephen at continuumsecurity.net>:
>
>>
>> On 13 Feb 2014, at 10:16, Paul AMAR <aos.paul at gmail.com> wrote:
>>
>>
>> Do you know any Web app vulnerable to HQL Injection ?
>>
>>
>> Here's one I wrote and use for internal testing:
>> https://github.com/continuumsecurity/RopeyTasks/  there's HQL injection
>> in two of the Controllers, e.g.:
>> https://github.com/continuumsecurity/RopeyTasks/blob/master/grails-app/controllers/net/continuumsecurity/ropeytasks/TaskController.groovy
>>
>> Best to download grails and run it from there so you can play with the
>> code.  If you run: grails war, you can then copy the resulting .war file to
>> any servlet container like Tomcat, Jetty etc.
>>
>> Disclaimer: this wasn't really designed for public consumption, just for
>> my internal testing, so it's not as user friendly as DVWA and other
>> vulnerable apps.
>>
>> regards,
>> Stephen
>>
>>
>>
>>
>