Home
hack
Un exemple de hack interessant XD
Submitted by arkam on Tue, 05/07/2011 - 15:56
Bon, j'ai pas trop l'habitude de faire des entrées de blog super courte, mais là, un bon lien vaut mieux qu'un long discourt ;) http://www.developpez.net/forums/d1104374/club-professionnels-informatiq... J’espère que le monsieur recevra honneur et richesse, il leurs a quand même sauvé les miches là :D
»
[NDH2011] prequals::web300 write-up
Submitted by kryzantem on Wed, 06/04/2011 - 11:50
The goal of challenge (made by root-boy) was to get access to a flag protected by authentification. The challenge consists of a form with 3 fields:
  • Login
  • Password
  • Confirmation code
Trying to bypass the authentification through these 3 input fields should not lead to anything interesting so where can we feed our evil input ? You might have noticed that the form uses cookies. The good news is that the one named "cap" is vulnerable to SQL injections.
»
[NDH2011] prequals::web200 write-up
Submitted by kryzantem on Wed, 06/04/2011 - 11:12
The goal of this challenge was to get access to a flag stored in the database. The challenge consists of a form with two fields:
  • name
  • file
The purpose of this application is to read a radar picture of an infractation, apply OCR technology to read the value of the regplate and print all the infractions recorded for it. After a few attempts on passing evil inputs to that form, you might guess that the value of the regplate read by the OCR is vulnerable to SQL injection.
»
Syndicate content