Bhagwa (@bhagwa), May 17

How many vulnerabilities can you spot here? 😎

  • Bhagwa (@bhagwa), May 19

    We see:

    • SQL Injection (what if the user name was "' OR 1=1#"?)
    • Open redirects
    • Insecure database credentials
    • Reflected XSS in the error message
    • Sensitive data in URL, may be exposed in "Referer" header
    • Login CSRF
    • Password in cleartext
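The first and last items in that reply (SQL injection via a crafted user name, and cleartext passwords) are easy to demonstrate side by side. The following is an added example, not the code from the screenshot in the original post: a login check built by string concatenation, next to a hardened version that binds the inputs as parameters and stores a salted PBKDF2 hash instead of the password. It uses an in-memory SQLite table with one constructed user. SQLite's line comment is `--`, so the example uses `' OR 1=1 --`; the `' OR 1=1#` form in the reply is the MySQL equivalent.

```python
import hashlib
import hmac
import os
import sqlite3

# --- Vulnerable variant: cleartext passwords and string-built SQL ---------

def make_vulnerable_db():
    # Constructed sample data; stands in for the application's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # User input is spliced into the SQL text, so a quote in the user name
    # changes the grammar of the query rather than being treated as data.
    query = (
        "SELECT username FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


# --- Hardened variant: parameter binding and salted password hashing -----

def hash_password(password, salt):
    # PBKDF2-HMAC-SHA256 with a per-user salt; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_hardened_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        ("alice", salt, hash_password("correct horse", salt)),
    )
    conn.commit()
    return conn


def login_hardened(conn, username, password):
    # The placeholder binds the user name as a value; the query structure is
    # fixed at compile time, so "' OR 1=1 --" is simply a name that matches no row.
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed hash against the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    payload = "' OR 1=1 --"
    print("vulnerable, injected name:", login_vulnerable(make_vulnerable_db(), payload, "x"))
    print("hardened,   injected name:", login_hardened(make_hardened_db(), payload, "x"))
```

Running the block shows the vulnerable check returning True for the injected user name with any password, while the hardened check returns True only for the real credentials. The hardened variant also never stores or compares the password itself, which removes the cleartext-password finding from the same list.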