Well, I'm not really in the habit of writing super short blog entries, but this time a good link is worth more than a long speech ;) http://www.developpez.net/forums/d1104374/club-professionnels-informatiq... I hope the gentleman receives honor and riches; he did save their skins there, after all :D
The goal of this challenge (made by root-boy) was to get access to a flag protected by authentication. The challenge consists of a form with 3 fields:
  • Login
  • Password
  • Confirmation code
Trying to bypass the authentication through these 3 input fields should not lead to anything interesting, so where can we feed our evil input? You might have noticed that the form uses cookies. The good news is that the one named "cap" is vulnerable to SQL injection.
The goal of this challenge was to get access to a flag stored in the database. The challenge consists of a form with two fields:
  • name
  • file
The purpose of this application is to read a radar picture of an infraction, apply OCR to read the registration plate, and print all the infractions recorded for it. After a few attempts at passing evil inputs to that form, you might guess that the registration plate value read by the OCR is vulnerable to SQL injection.
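Both write-ups above come down to the same root cause: a value the application did not expect to be hostile (the "cap" cookie, the text produced by OCR) ends up inside the SQL text. The following is an added example, not code from either challenge, showing the concatenated lookup next to a bound and validated one; the table, column names, plate format and sample strings are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data; table, columns and plate format are assumptions.
HOSTILE_OCR = "x' OR '1'='1"   # constructed: text "read" off a crafted picture
PLATE_RE = re.compile(r"[A-Z]{2}-[0-9]{3}-[A-Z]{2}")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE infractions (plate TEXT, detail TEXT)")
    db.executemany("INSERT INTO infractions VALUES (?, ?)", [
        ("AB-123-CD", "speeding"),
        ("AB-123-CD", "red light"),
        ("ZZ-999-ZZ", "speeding"),
    ])
    return db

def lookup_vulnerable(db, value):
    # The value is pasted into the SQL text, so a quote in it ends the
    # string literal and the remainder is parsed as SQL.
    sql = "SELECT detail FROM infractions WHERE plate = '" + value + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, value):
    # The value travels as a bound parameter and is only compared as data.
    sql = "SELECT detail FROM infractions WHERE plate = ?"
    return [row[0] for row in db.execute(sql, (value,))]

def lookup_hardened(db, ocr_text):
    # Normalise, reject anything that is not a plausible plate, then bind.
    plate = ocr_text.strip().upper()
    if not PLATE_RE.fullmatch(plate):
        raise ValueError("OCR result is not a registration plate")
    return lookup_bound(db, plate)

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, HOSTILE_OCR))  # rows for every plate
    print(lookup_bound(db, HOSTILE_OCR))       # no rows
    print(lookup_hardened(db, " ab-123-cd "))  # that plate's rows only
```

Binding alone is what removes the injection; the format check is an extra layer that also keeps OCR misreads out of the query. A cookie value would go through `lookup_bound` the same way.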