After going to http://coindex.co/reset.html, you need to put in the following text with me@me.com changed to an email address you have access to:
x'; UPDATE users SET email_address = 'me@me.com' WHERE email_address = 'h4x0r@dark.net
Make sure you type it exactly as shown; otherwise it won't work. Note that there is no closing quote (') at the end, because you're injecting the text into the 'INPUT' statement you saw in "Breaking in". If you remember the last few exercises of "Poking around" and the first two exercises of "Exploring the database", you'll see exactly why that is.
If you hit Reset password, you'll see an error message ("We couldn't find a user with the specified email."). That's exactly what you want to see, because there really is no user with the email address x. Now put in the email address you just used and hit Reset password again. You should now get the email, because you've just changed a user's email address to your own.
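Why the missing closing quote matters, and what a parameterized lookup does with the same input, shown as an added example that is not part of the original article or the exercise site's code. The SELECT text, the helper names and the use of SQLite's executescript() to stand in for a database driver that accepts stacked statements are assumptions; the table, column and email values come from the text above.

```python
import sqlite3

# Input from the article, with the article's placeholder address me@me.com.
PAYLOAD = ("x'; UPDATE users SET email_address = 'me@me.com' "
           "WHERE email_address = 'h4x0r@dark.net")

def make_db():
    # Constructed sample data: one user row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email_address TEXT)")
    db.execute("INSERT INTO users (email_address) VALUES ('h4x0r@dark.net')")
    db.commit()
    return db

def build_query_vulnerable(email):
    # Assumed shape of the lookup: the application wraps the input in its own
    # quotes, so its closing ' terminates the last literal of the input.
    return "SELECT id FROM users WHERE email_address = '" + email + "'"

def reset_vulnerable(db, email):
    # executescript() runs every statement in the string (assumption: the
    # real driver allows stacked statements in the same way).
    db.executescript(build_query_vulnerable(email))

def reset_parameterized(db, email):
    # The value is bound by the driver; quotes and semicolons remain data.
    row = db.execute("SELECT id FROM users WHERE email_address = ?",
                     (email,)).fetchone()
    return row is not None

def emails(db):
    return [r[0] for r in db.execute("SELECT email_address FROM users ORDER BY id")]

def demo():
    vuln, safe = make_db(), make_db()
    reset_vulnerable(vuln, PAYLOAD)
    found = reset_parameterized(safe, PAYLOAD)
    return emails(vuln), emails(safe), found

if __name__ == "__main__":
    after_vuln, after_safe, found = demo()
    print("string-built query :", after_vuln)
    print("parameterized query:", after_safe, "| user found:", found)
```

With the parameterized lookup the whole input is compared as one email address, no row matches, and the stored address is unchanged.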