After going to http://coindex.co/reset.html, you need to put in the following text with "me@me.com" changed to an email address you have access to:
x'; UPDATE users SET email_address = 'me@me.com' WHERE email_address = 'h4x0r@dark.net
Make sure you type it correctly, otherwise it won't work. Beware that there is no additional ' at the end as you're injecting the text into the 'INPUT' statement you saw in "Breaking in". If you remember the last few exercises of "Poking around" and the first two exercises of "Exploring the database", you'll see exactly why that is.
If you hit Reset password, you'll get the error message "We couldn't find a user with the specified email.", which is exactly what you want to see because there really is no user with the email address "x". Now put in your the email address you just used and hit "reset password" again. You should now get the email because you've just changed the email address from some user to your own email address.
Comments
0 comments
Article is closed for comments.