August 18th, 2008, 01:21 AM
#1
Member
help hacking the login form....hacker challenge
OK, I came across this hacker challenge, and it seems to work like this: anyone can register, and once you register you can log in, but you get a message saying that "you are a regular user, and you need administrator rights". All the authentication is done against a MySQL backend database, which contains the usernames and passwords. With that, the first thing I tried was SQL injection to see if the app would spit out all the content of the table, so I tried something simple like ' or 'x'='x which in SQL evaluates to true. That didn't work, so I used WebScarab to kind of launch a dictionary attack against the login page using SQL injection, but I think the application is doing input validation or stripping the input of any tags or slashes. The other attack vector could be either a weakness in the cookie or session ID, but I haven't got there yet.
Here's the link: http://www.pctechtips.org/pwn3d_login.php
Any help appreciated.
Thanks
Last edited by k_tech; August 18th, 2008 at 01:23 AM.
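An added example, not part of the original post and not the challenge's code: a login check built by string concatenation beside a parameterized one, showing why the quoted probe from the post is treated as plain data by the second. The table layout, account names and function names are assumptions, and sqlite3 stands in for the MySQL backend so the block runs offline.

```python
import sqlite3

PROBE = "' or 'x'='x"  # the input quoted in the post


def make_db():
    # Constructed sample data. Passwords are plaintext only to keep the
    # example short; a real table would store salted password hashes.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", "s3cret-admin", "administrator"),
            ("k_user", "hunter2", "regular"),
        ],
    )
    return db


def login_concat(db, username, password):
    """Deliberately vulnerable 'before': input is spliced into the SQL text."""
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return db.execute(sql).fetchone()


def login_param(db, username, password):
    """Hardened: placeholders bind the input as values, never as SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


def is_admin(row):
    # The role comes from the server-side row, not from anything the client sends.
    return row is not None and row[1] == "administrator"


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", login_concat(db, PROBE, PROBE))
    print("parameterized:", login_param(db, PROBE, PROBE))
    print("regular user:", login_param(db, "k_user", "hunter2"))
```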