Help: This service exposes GET, POST, PUT, DELETE methods. This service is vulnerable to SQL injection in security level 0.


DEFAULT GET: (without any parameters) will display this help plus a list of accounts in the system.

   Optional params: None.


GET: Either displays usernames of all accounts or the username and signature of one account.

   Optional params: username AS URL parameter. If username is "*" then all accounts are returned.

   Example(s):

   Get a particular user: /mutillidae/webservices/rest/ws-user-account.php?username=adrian
   Get all users: /mutillidae/webservices/rest/ws-user-account.php?username=*

   Example Exploit(s):

   SQL injection: /mutillidae/webservices/rest/ws-user-account.php?username=jeremy'+union+select+concat('The+password+for+',username,'+is+',+password),mysignature+from+accounts+--+
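Added example (not part of the service's own code): why the exploit URL above returns passwords when the lookup is built by string concatenation, and why binding the value as a parameter stops it. It uses Python and an in-memory SQLite table as a stand-in for the service's PHP/MySQL back end; the query text, the function names and the sample rows are assumptions, and only the column names and the payload come from the help text.

```python
import sqlite3
from urllib.parse import unquote_plus

# Payload copied from the help text's "Example Exploit(s)" line (URL-encoded form).
PAYLOAD = unquote_plus(
    "jeremy'+union+select+concat('The+password+for+',username,'+is+',+password),"
    "mysignature+from+accounts+--+"
)


def make_db():
    """In-memory stand-in for the accounts table; rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    # SQLite builds before 3.44 lack concat(); register one so the payload runs unchanged.
    db.create_function("concat", -1, lambda *parts: "".join(str(p) for p in parts))
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT, mysignature TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("adrian", "constructed-pw-1", "sig A"), ("jeremy", "constructed-pw-2", "sig J")],
    )
    return db


def lookup_concatenated(db, username):
    """Security-level-0 style (assumed query): input is spliced into the SQL text."""
    sql = "SELECT username, mysignature FROM accounts WHERE username='" + username + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    """Hardened form: the value is bound, so it can never become SQL syntax."""
    sql = "SELECT username, mysignature FROM accounts WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def leaks_password(rows):
    """True if any returned field contains one of the constructed passwords."""
    return any("constructed-pw" in str(field) for row in rows for field in row)


if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concatenated, lookup_parameterized):
        rows = fn(db, PAYLOAD)
        print(f"{fn.__name__}: {len(rows)} row(s), password leaked: {leaks_password(rows)}")
```

With the bound parameter, the whole payload is compared as a literal username, matches no account, and returns no rows.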


POST: Creates new account.

   Required params: username, password AS POST parameter.
   Optional params: signature AS POST parameter.


PUT: Creates or updates account.

   Required params: username, password AS POST parameter.
   Optional params: signature AS POST parameter.


DELETE: Deletes account.

   Required params: username, password AS POST parameter.
   Optional params: None.