[WEB SECURITY] Web App vulnerable to HQL Injection ?
Stephen de Vries
stephen at continuumsecurity.net
Thu Feb 13 04:36:41 EST 2014
On 13 Feb 2014, at 10:16, Paul AMAR <aos.paul at gmail.com> wrote:
> Do you know any Web app vulnerable to HQL Injection ?
Here’s one I wrote and use for internal testing: https://github.com/continuumsecurity/RopeyTasks/ . There’s HQL injection in two of the Controllers, e.g.: https://github.com/continuumsecurity/RopeyTasks/blob/master/grails-app/controllers/net/continuumsecurity/ropeytasks/TaskController.groovy
Best to download Grails and run it from there so you can play with the code. If you run "grails war", you can then copy the resulting .war file to any servlet container like Tomcat, Jetty etc.
Disclaimer: this wasn’t really designed for public consumption, just for my internal testing, so it’s not as user friendly as DVWA and other vulnerable apps.
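To make the class of bug referred to above concrete for readers who do not want to build the app, here is an added illustration that is not code from RopeyTasks or from the author: a Grails controller action that assembles an HQL query by string concatenation, placed beside the same lookup written with a bound named parameter. The domain class Task, its String property name, and the controller and view names are assumptions for the example; Task.executeQuery is the ordinary GORM call.

```groovy
// Added example, not code from the RopeyTasks project.
// Assumes a hypothetical GORM domain class Task with a String property 'name'.
package example

class TaskSearchController {

    // Vulnerable pattern: the request parameter is spliced into the HQL text,
    // so the query structure itself depends on whatever arrives in 'q'.
    // Groovy GString interpolation ("... ${q} ...") is the same defect in
    // different syntax: the value still becomes part of the parsed query.
    def searchUnsafe() {
        String q = params.q ?: ''
        def tasks = Task.executeQuery("from Task t where t.name like '%" + q + "%'")
        render(view: 'list', model: [tasks: tasks])
    }

    // Hardened form: the value is passed as a bound named parameter. Hibernate
    // compiles the HQL once with ':pattern' as a placeholder and supplies the
    // value at execution time, so it is only ever compared as data.
    def searchSafe() {
        String q = params.q ?: ''
        def tasks = Task.executeQuery(
            "from Task t where t.name like :pattern",
            [pattern: "%${q}%".toString()])
        render(view: 'list', model: [tasks: tasks])
    }
}
```

When reviewing a Grails or Hibernate code base for this issue, the thing to grep for is any executeQuery, find, findAll or createQuery call whose query string is built with + or ${} from request data; GORM dynamic finders and criteria queries (for example Task.findAllByNameIlike) never expose the HQL text to user input and are usually the simplest replacement.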