Penetration Testing mailing list archives
Re: hacker challenge... pwn3d login form
From: GulfTech Security Research <security () gulftech org>
Date: Sat, 06 Sep 2008 17:55:13 -0500
Hi Jorge,Did you say the cookie bit to throw people off? I notice that basically the cookie is using an md5'ed version of the username as the id, and I get that, but I actually got in by using the username "admin' -- /*" and the password "1".
Also, I have been able to exploit the search feature to get this information also by sending a query like this.
-99' UNION SELECT 1,2,username,password,5 FROM members -- /* Kind Regards, James ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- hacker challenge... pwn3d login form Jorge L. Vazquez (Sep 06)
- Re: hacker challenge... pwn3d login form GulfTech Security Research (Sep 06)
- Re: hacker challenge... pwn3d login form Vivek P (Sep 07)
- Re: hacker challenge... pwn3d login form Jorge L. Vazquez (Sep 07)
- Re: hacker challenge... pwn3d login form unistd.h (Sep 07)
- <Possible follow-ups>
- Re: hacker challenge... pwn3d login form Tyler Johnson (Sep 07)
- Re: hacker challenge... pwn3d login form GulfTech Security Research (Sep 06)