Penetration Testing mailing list archives

Re: hacker challenge... pwn3d login form


From: "Jorge L. Vazquez" <jlvazquez825 () gmail com>
Date: Sun, 07 Sep 2008 12:22:34 -0400

Thanks for all the responses... I'm glad you enjoyed the site, and I
welcome any suggestions you might have on ways I can make it better.

That being said, I think I've made it too easy, too many clues/hints...
To answer the main question I got:

was the cookie bit meant to throw ppl off?

No! I did the login page with the cookie vuln in mind. Although I'm
doing input validation for XSS and HTML injection, I left it open for
SQL injection; I kind of knew/hoped some of you would go the SQL
injection route, right?... Why spend so much time trying to figure
out what the vuln is? It's better to hit the application with SQL injection
over and over until you finally get in, but I think that approach would
leave traces in the logs.... And why try to enter from the back door
when the front door key is there for you to grab? (I think the first
approach should always be to enter the legit way.)

Someone used Brutus to dictionary-attack the application!


thanks
Jorge L. Vazquez
www.pctechtips.org




GulfTech Security Research wrote:
Hi Jorge,

Did you say the cookie bit was to throw people off? I notice that
basically the cookie is using an md5'ed version of the username as the
id, and I get that, but I actually got in by using the username
"admin' -- /*" and the password "1".

Also, I have been able to exploit the search feature to get this
information also by sending a query like this.

-99' UNION SELECT 1,2,username,password,5 FROM members -- /*

Kind Regards,

James

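The login bypass James describes above works because the username is spliced into the SQL text, so the quote and comment sequence rewrite the query; input validation aimed at XSS does not stop it. The following is an added example, not code from the challenge site or from either poster: a constructed in-memory SQLite `members` table (hypothetical column names) with the string-concatenated login beside a parameterized one, run against the exact username/password pair quoted in the thread.

```python
import sqlite3

# Constructed sample accounts; the real challenge site's data is not on this page.
MEMBERS = [("admin", "s3cret-admin-pw"), ("jorge", "another-pw")]


def make_db():
    """Build a throwaway in-memory database with a hypothetical members table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO members (username, password) VALUES (?, ?)", MEMBERS)
    return db


def login_concat(db, username, password):
    """Vulnerable form: user input becomes part of the SQL text, so a quote
    closes the string literal and '--' comments out the password check."""
    sql = ("SELECT username FROM members WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_param(db, username, password):
    """Fixed form: bound parameters are sent as data, never parsed as SQL,
    so the query shape cannot change whatever the input contains."""
    row = db.execute(
        "SELECT username FROM members WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run the thread's payload against both versions and return the outcomes."""
    db = make_db()
    payload_user, payload_pw = "admin' -- /*", "1"   # the pair quoted in the thread
    return {
        "vulnerable": login_concat(db, payload_user, payload_pw),  # logs in as admin
        "fixed": login_param(db, payload_user, payload_pw),        # no such user
        "legit": login_param(db, "admin", "s3cret-admin-pw"),      # real credentials
    }


if __name__ == "__main__":
    print(demo())
```

The same parameterization fixes the search feature's UNION injection, since the `-99'` prefix can no longer terminate the literal it is bound into.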

