damo.clanteam.com Security Challenge III [Writeup]

Alright, this one is easy. The challenge is on basic SQL injection. In the challenge application there is a SQL injection vulnerability in the member-info.php page. It's a basic UNION-based SQL injection; from there I used sqlmap to spice things up.

The vulnerable application URL is

http://damo.clanteam.com/sch3/member-info.php?id=1'+union+select+1,'nuke99',3,4,5+from+accounts--
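Why the `id` parameter is injectable, and what closes the hole, shown as an added example (not code from the challenge or from this post). It uses an in-memory SQLite database in place of the challenge's backend; the column names, sample rows and function names are assumptions, and only the five-column shape and the payload come from the URL above.

```python
import sqlite3

# The id value from the URL above, URL-decoded ('+' becomes a space).
PAYLOAD = "1' union select 1,'nuke99',3,4,5 from accounts--"

COLUMNS = "id, username, password, email, role"  # assumed names, five columns


def make_db():
    """Build a constructed accounts table with placeholder data."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, email TEXT, role TEXT)"
    )
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?, ?, ?)",
        [
            (1, "alice", "<constructed-hash>", "alice@example.test", "member"),
            (2, "bob", "<constructed-hash>", "bob@example.test", "member"),
        ],
    )
    return db


def member_info_vulnerable(db, raw_id):
    """Concatenates the request value into the statement.

    The quote inside raw_id ends the string literal, so everything after
    it is parsed as SQL and the UNION row is appended to the result set.
    """
    sql = f"SELECT {COLUMNS} FROM accounts WHERE id = '" + raw_id + "'"
    return db.execute(sql).fetchall()


def member_info_safe(db, raw_id):
    """Validates the id as a plain decimal number, then binds it.

    The bound value is only ever compared as data; it is never parsed
    as part of the statement.
    """
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []
    sql = f"SELECT {COLUMNS} FROM accounts WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", member_info_vulnerable(db, PAYLOAD))
    print("safe:      ", member_info_safe(db, PAYLOAD))
```

In a PHP application like this one, the equivalent fix is a prepared statement with a bound parameter instead of building the query string from `$_GET['id']`.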

 


So the passwords were hashed with SHA1. For that I used an online hash database to get the plain text password.


And using “stanllone” as the user name and fire as the password, I logged into the members area.

That’s about it. See you soon, guys.
