ATTACKING COMMON APPLICATIONS

Exploiting Web Vulnerabilities in Thick-Client Applications


Thick client applications with a three-tier architecture have a security advantage over those with a two-tier architecture, because the design prevents the end user from communicating directly with the database server. However, three-tier applications can still be susceptible to web-specific attacks such as SQL Injection and Path Traversal.

During penetration testing, it is common to encounter a thick client application that connects to a server to communicate with the database. In the following scenario, the tester has found the following files while enumerating an FTP server that provides anonymous user access.

Reading the content of all the text files reveals that:

Let's run the fatty-client.jar file by double-clicking on it. Once the app is started, we can log in using the credentials qtc / clarabibi.