Penetration Testing mailing list archives
Re: hacker challenge... pwn3d login form
From: "Jorge L. Vazquez" <jlvazquez825 () gmail com>
Date: Sun, 07 Sep 2008 12:22:34 -0400
thanks for all the responses.....I'm glad you enjoyed the site, and I welcome any suggestions you might have on ways I can make it better. that been said, I think I've made it too easy, too many clues/hints... to answer the main question I got was the cookie bit meant to throw ppl off? NO!, I did the login page with the cookie vuln in mind, although I'm doing input validation for XSS, and html injection, I left it open for SQL Injection, I kind of knew/hoped some of you would go the sql injection route, right?... why spending so much time trying to figure out what's the vuln, is better to hit the application with sql injection over and over, until you finally get in, but I think that approach would leave traces in the logs.... and why try to enter from the back door, when the front door key is there for you to grab it (I think the first approach should always be to enter the legit way). Someone used Brutus to dictionary attack the application! thanks Jorge L. Vazquez www.pctechtips.org GulfTech Security Research wrote:
Hi Jorge, Did you say the cookie bit to throw people off? I notice that basically the cookie is using an md5'ed version of the username as the id, and I get that, but I actually got in by using the username "admin' -- /*" and the password "1". Also, I have been able to exploit the search feature to get this information also by sending a query like this. -99' UNION SELECT 1,2,username,password,5 FROM members -- /* Kind Regards, James
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- hacker challenge... pwn3d login form Jorge L. Vazquez (Sep 06)
- Re: hacker challenge... pwn3d login form GulfTech Security Research (Sep 06)
- Re: hacker challenge... pwn3d login form Vivek P (Sep 07)
- Re: hacker challenge... pwn3d login form Jorge L. Vazquez (Sep 07)
- Re: hacker challenge... pwn3d login form unistd.h (Sep 07)
- <Possible follow-ups>
- Re: hacker challenge... pwn3d login form Tyler Johnson (Sep 07)
- Re: hacker challenge... pwn3d login form GulfTech Security Research (Sep 06)