Tag: authentication
All the articles with the tag "authentication".
- HTB Appointment — SQL Injection Skips the Lock
  HackTheBox Appointment exploits a login form that concatenates user input directly into a SQL query. One comment character silences the password check entirely — the same structural failure that makes LLM agents vulnerable to prompt injection.
- HTB Meow — Root with No Password
  HackTheBox Meow exploits a Telnet service running with a blank root password. The same failure pattern — a powerful interface with no credential gate — shows up in unauthenticated MCP servers and AI agent endpoints.