Hellbound Hackers
Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Sunday, June 25, 2017
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 65
Guests Online: 62
Members Online: 3
arnborg, skeet, jacky8709

Registered Members: 100657
Newest Member: Skeleton0101
Latest Articles

Introduction to Prog...

Complete Anonymity G...

PLC Electronic Basic...

Introduction to PLC...

Using Google Search ...

Pen testing 2 walk t...

Top 10 Simple Home S...

Pen Testing 2...

5 Firefox Addons Eve...

Realistic 18...

IT Security, a way o...

WIFI - Part 6, Airod...

WIFI - Part 6, Airod...

WIFI - Part 5, OSI a...

WIFI - Part 4, Airmo...

View Thread

HellBound Hackers | Computer General | Web hacking
Author

Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 22-11-07 19:11
Hi there,

I'm new to this site, but from what I have gathered it's a pretty nice community. I am not an idiot, but my coding skills are somewhat lacking.

Anywho, I'm trying to 'hack' this thing for various reasons, but anyway ~ it's called Facility ePortal, and its made by a company called Serco.

Its a registering and database system for schools. Here is an example log in page (found from a Google Search, and not my own school):

http://www.taw.org.uk/taw900eportal/index.jsp

After a failed log in, the page turns to this:

http://www.taw.org.uk/taw900eportal/PortalServ?reqtype=login

You can alter the bit on the end from login, to whatever you want and it'll echo it back, so doing something basic like this will work:

http://www.taw.org.uk/taw900eportal/PortalServ?reqtype=<script>alert("Hello HBH")</script>

Now I'm pretty sure that's a bloody major flaw.

I'd like to gain access to an account, make a new one, or gain access to the database. I'm not sure how to proceed to be honest. I've found some things that look exploitable, but if you could help me further, that'd be great.

Code
AdminLogin.location = "/taw900eportal/PortalServ?reqtype=loginoutput&showlog=false";



That was in the source code of the page.

There is also a value that is submitted with the page:
Code
<input id="ssobypass" name="ssobypass">




Not sure what that is, but it could help.

Any advice or help you could give me would be appreciated.

Thanks very much,

Gav
Author

RE: Injection Help

ap101
Member



Posts: 19
Location: Unknown
Joined: 14.06.07
Rank: Guest
Posted on 22-11-07 19:15
instead of a flame, i will tell you the following:
google
use it

One question makes and stops progress,
What if?
www.hellboundhackers.org/sig/c/20510/Resist! Rebel! Reclaim!.png
atheistpope101@hotmail.com Ask me
Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 22-11-07 19:17
you can try the OR 1=1 or AND 1=1 to check if its vulnerable. but i think this sites are pretty much secured...

Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 22-11-07 19:27
Did you ever read the forum rules?

http://www.hellbo. . .189_0.html

Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 22-11-07 19:59
Legal rules:
- do not post links to sites you have hacked / intend to hack
- do not ask help for hacking sites you have posted a link to

Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 22-11-07 20:08
Read forums first.


Been there, done that - Got the screenshot.