[WEB SECURITY] Web App vulnerable to HQL Injection ?
aos.paul at gmail.com
Thu Feb 13 04:48:02 EST 2014
Nice. I'll take a look today.
No problem for the "user friendly" thing.
I just want to practice with those vulnerabilities.
2014-02-13 10:36 GMT+01:00 Stephen de Vries <stephen at continuumsecurity.net>:
> On 13 Feb 2014, at 10:16, Paul AMAR <aos.paul at gmail.com> wrote:
> > Do you know any Web app vulnerable to HQL Injection?
> Here's one I wrote and use for internal testing:
> https://github.com/continuumsecurity/RopeyTasks/ there's HQL injection
> in two of the Controllers, e.g.:
> Best to download grails and run it from there so you can play with the
> code. If you run: grails war, you can then copy the resulting .war file to
> any servlet container like Tomcat, Jetty etc.
> Disclaimer: this wasn't really designed for public consumption, just for
> my internal testing, so it's not as user friendly as DVWA and other
> vulnerable apps.