Penetration Testing
mailing list archives
Re: hacker challenge... pwn3d login form
From: "Tyler Johnson" <tjohnson () novacoast com>
Date: Sat, 06 Sep 2008 18:04:32 -0700
Actually, you did it the hard way. If you register an account (like 'test') and log in you'll find the cookie value is
an md5 hash of your username (test = 098f6bcd4621d373cade4e832627b4f6 ).
If you edit that value to be the md5 hash of 'admin' (21232f297a57a5a743894a0e4a801fc3) and refresh the page you're
logged in as admin and presented with users and passwords.
--
Tyler Johnson
Network Manager
Novacoast Inc.
800-949-9933 Ext. 4800
805-202-6153
Novell's Solution Provider of the Year, Americas
2002, 2004, 2005, 2006, 2007
GulfTech Security Research <security () gulftech org> 09/06/08 4:37 PM >>>
Hi Jorge,
Did you say the cookie bit to throw people off? I notice that basically
the cookie is using an md5'ed version of the username as the id, and I
get that, but I actually got in by using the username "admin' -- /*" and
the password "1".
Also, I have been able to exploit the search feature to get this
information also by sending a query like this.
-99' UNION SELECT 1,2,username,password,5 FROM members -- /*
Kind Regards,
James
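
Added example, not part of the original thread or the challenge application's code: the cookie scheme described above (cookie = MD5 of the username) next to a hardened form in which the cookie is a random identifier for server-side session state. The account set, function names and lookup logic are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed sample accounts; the thread does not show the application's user table.
USERS = {"test", "admin"}

def weak_issue(username: str) -> str:
    """Scheme described in the thread: cookie = md5(username), no secret involved."""
    return hashlib.md5(username.encode()).hexdigest()

def weak_lookup(cookie: str):
    """Assumed server side: map the cookie back to a user by recomputing the hash."""
    for user in USERS:
        if weak_issue(user) == cookie:
            return user
    return None

class SessionStore:
    """Hardened form: the cookie is a random value that only indexes server-side state."""

    def __init__(self):
        self._sessions = {}

    def issue(self, username: str) -> str:
        # Called only after the password check has succeeded.
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = username
        return token

    def lookup(self, cookie: str):
        # Values the server never issued resolve to no user at all.
        return self._sessions.get(cookie)

    def revoke(self, cookie: str) -> None:
        # Logout: the identifier stops working immediately.
        self._sessions.pop(cookie, None)

def compare(client_value: str, store: SessionStore):
    """Return (user under the weak scheme, user under the hardened scheme)."""
    return weak_lookup(client_value), store.lookup(client_value)

if __name__ == "__main__":
    store = SessionStore()
    issued = store.issue("test")
    derived = hashlib.md5(b"admin").hexdigest()  # derivable by any client
    print(compare(derived, store))  # ('admin', None)
    print(compare(issued, store))   # (None, 'test')
```

The weak scheme fails because the cookie is an unkeyed, deterministic function of a public value; the hardened store accepts only identifiers it generated itself and can revoke them.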