😂 Vulnerability #2: Hardcoded Credentials

Navigating to the util.Util class, we can see that verifyUserNamePassword calls getUserCreds and compares the values that it returns with the values that we provide.

The vulnerability here is that the credentials are hardcoded in the getUserCreds method, which gives us a valid account that we can use to log in to the app.

username: shopuser
password: !ns3csh0p
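A defender-side check for this class of bug, as an added example that is not part of the original writeup or the app's own code: a small scanner that flags string literals inside credential-handling functions in Kotlin source, suitable for a code review or CI step. The sample source and its placeholder credentials are constructed, and the name find_hardcoded_credentials and the keyword list are assumptions.

```python
import re

# Constructed Kotlin sample modelled on the pattern described above (not the app's real source).
SAMPLE = '''
object Util {
    private fun getUserCreds(): HashMap<String, String> {
        val userCreds = HashMap<String, String>()
        userCreds["exampleuser"] = "ExamplePass1"
        return userCreds
    }

    fun verifyUserNamePassword(username: String, password: String): Boolean {
        val creds = getUserCreds()
        return creds[username] == password
    }

    fun greeting(): String {
        return "Welcome"
    }
}
'''

FUNC = re.compile(r'\bfun\s+(\w+)\s*\(')                      # Kotlin function header
SENSITIVE = re.compile(r'cred|passw|secret|token|apikey', re.I)
LITERAL = re.compile(r'"((?:[^"\\]|\\.)+)"')                  # non-empty string literal

def find_hardcoded_credentials(source):
    """Return (line, function, literals) for literals in credential-handling code."""
    findings = []
    current, depth, func_depth = None, 0, 0
    for lineno, line in enumerate(source.splitlines(), 1):
        header = FUNC.search(line)
        if header:
            current, func_depth = header.group(1), depth
        literals = LITERAL.findall(line)
        code = LITERAL.sub('""', line)  # blank out literals before inspecting code
        in_sensitive_func = bool(current and SENSITIVE.search(current))
        # Flag literals in a credential-named function, or beside a credential-like identifier.
        if literals and (in_sensitive_func or SENSITIVE.search(code)):
            findings.append((lineno, current, literals))
        depth += code.count('{') - code.count('}')
        if current and '}' in code and depth <= func_depth:
            current = None  # closing brace of the current function
    return findings

if __name__ == "__main__":
    for lineno, func, literals in find_hardcoded_credentials(SAMPLE):
        print(f"line {lineno} in {func}(): hardcoded literals {literals}")
```

The literal in greeting() is not reported, because neither the function name nor the surrounding identifiers look credential-related.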
