Penetration Testing mailing list archives
Re: hacker challenge... pwn3d login form
From: "Tyler Johnson" <tjohnson () novacoast com>
Date: Sat, 06 Sep 2008 18:04:32 -0700
Actually, you did it the hard way. If you register an account (like 'test') and log in, you'll find the cookie value is an md5 hash of your username (test = 098f6bcd4621d373cade4e832627b4f6). If you edit that value to be the md5 hash of 'admin' (21232f297a57a5a743894a0e4a801fc3) and refresh the page, you're logged in as admin and presented with users and passwords.

--
Tyler Johnson
Network Manager
Novacoast Inc.
800-949-9933 Ext. 4800
805-202-6153
Novell's Solution Provider of the Year, Americas 2002, 2004, 2005, 2006, 2007
GulfTech Security Research <security () gulftech org> 09/06/08 4:37 PM >>>
Hi Jorge,

Did you say the cookie bit to throw people off? I notice that basically the cookie is using an md5'ed version of the username as the id, and I get that, but I actually got in by using the username "admin' -- /*" and the password "1". Also, I have been able to exploit the search feature to get this information also by sending a query like this.

-99' UNION SELECT 1,2,username,password,5 FROM members -- /*

Kind Regards,
James

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
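An added example, not part of the original thread and not the challenge application's code: a minimal login flow that closes both issues described in the messages above, by binding the username as a query parameter and by issuing a random server-side session token instead of a cookie derived from the username. The function names, the in-memory SQLite database and the sample accounts are assumptions made for illustration; only the `members` table name and the `username` column come from the thread.

```python
import hashlib
import hmac
import secrets
import sqlite3

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE members (username TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
sessions = {}  # server-side store: random token -> username


def hash_password(password, salt):
    # Salted, slow hash, so a dump of the table does not reveal passwords directly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(username, password):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO members VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))


def login(username, password):
    # The ? placeholder binds the input as data, so quotes and comment
    # markers in the username are never parsed as SQL syntax.
    row = db.execute("SELECT salt, pwhash FROM members WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], hash_password(password, row[0])):
        return None
    token = secrets.token_urlsafe(32)  # unguessable, not derived from the username
    sessions[token] = username
    return token


def current_user(cookie_value):
    # Only tokens this server issued map to a user; a value the client
    # computed itself (such as a hash of a username) matches nothing.
    return sessions.get(cookie_value)


# Constructed sample accounts (hypothetical credentials).
register("admin", "constructed-admin-pw")
register("test", "constructed-test-pw")
```
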
Current thread:
- hacker challenge... pwn3d login form Jorge L. Vazquez (Sep 06)
- Re: hacker challenge... pwn3d login form GulfTech Security Research (Sep 06)
- Re: hacker challenge... pwn3d login form Vivek P (Sep 07)
- Re: hacker challenge... pwn3d login form Jorge L. Vazquez (Sep 07)
- Re: hacker challenge... pwn3d login form unistd.h (Sep 07)
- <Possible follow-ups>
- Re: hacker challenge... pwn3d login form Tyler Johnson (Sep 07)
- Re: hacker challenge... pwn3d login form GulfTech Security Research (Sep 06)