All the instructions are in the quest!
The fake customer accounts' credentials are listed here.
It was possible to change all passwords and email-addresses to the same value with ' OR 1=1 -- ;'
BankZecure: a fictional (and flawed) banking application
TSQL
All the instructions are in the quest!
The fake customer accounts' credentials are listed here.
It was possible to change all passwords and email-addresses to the same value with ' OR 1=1 -- ;'