Saturday, April 19, 2014
Author

Cookie poisoning as in Basic20 (Basic20-spoiler)


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-12-07 08:56
Hey,
I have just recently finished Basic 20, with a bit of help from -cL's article on some basic webhacks.

Basic 20 is using a MySQL-login which uses cookies; you poison the cookie with some MySQL-code and you get in.

So, I finished the challenge, but I don't see where it fits in the code..
I have no idea how the cookies are used in the login-system, making it possible to inject MySQL through them.

Could someone give me a piece of example code for a login like the one applied in Basic 20?

I would really appreciate it, because it will enable me to see what I did there.

Thanks anyway -cL for letting me finish the challenge!



Author

RE: Cookie poisoning as in Basic20 (Basic20-spoiler)

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 03-12-07 10:26
You should code some PHP. Here, an example:

Code
SELECT $cookievalue FROM example_table




If you brush up your PHP skills you will get it.



Author

RE: Cookie poisoning as in Basic20 (Basic20-spoiler)


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-12-07 19:07
That's the part I did understand ;)
But but but..

Is it like this?

- Login using MySQL;
- Set 'whoami' in cookie;
- Check the value on 'whoami' and display data based on this intel (You are logged in as)
>> Injection
SELECT * FROM ... WHERE user='$cookievalue'OR'1'='1'

Something like that?
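
The flow discussed in this thread (a name stored in a cookie and later pasted into a query), shown beside two hardened forms. This is an added example, not part of the original posts and not the challenge's real code; the table, column, cookie and function names and the signing key are assumptions, and an in-memory SQLite database stands in for MySQL so that it runs offline.

```php
<?php
// Added illustration, not the challenge's code. All names are hypothetical.
// Assumption: in-memory SQLite replaces MySQL so the script is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT PRIMARY KEY, secret TEXT)");
$db->exec("INSERT INTO users VALUES ('admin', 'admin-only data'), ('guest', 'guest data')");

// Vulnerable: the cookie value becomes part of the SQL text, so a quote inside
// it closes the string literal and whatever follows is parsed as SQL.
function whoami_vulnerable(PDO $db, string $cookie): array {
    $sql = "SELECT user FROM users WHERE user='$cookie'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the value is bound as a parameter and is only ever compared as data.
function whoami_prepared(PDO $db, string $cookie): array {
    $stmt = $db->prepare("SELECT user FROM users WHERE user = ?");
    $stmt->execute([$cookie]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened further: a client-held name is not trusted unless the server signed it.
const COOKIE_KEY = 'constructed-demo-key'; // assumption: a server-side secret

function issue_cookie(string $user): string {
    return $user . '.' . hash_hmac('sha256', $user, COOKIE_KEY);
}

function verify_cookie(string $cookie): ?string {
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $user = substr($cookie, 0, $pos);
    $mac  = substr($cookie, $pos + 1);
    return hash_equals(hash_hmac('sha256', $user, COOKIE_KEY), $mac) ? $user : null;
}

// Constructed cookie values: a normal one and the quoted form from the post above.
foreach (["guest", "guest'OR'1'='1"] as $c) {
    printf("%-16s vulnerable=%s prepared=%s\n", $c,
        json_encode(whoami_vulnerable($db, $c)),
        json_encode(whoami_prepared($db, $c)));
}
var_dump(verify_cookie(issue_cookie('guest'))); // cookie issued by the server
var_dump(verify_cookie('admin.forged'));        // cookie edited on the client
```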