Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 32
Guests Online: 26
Members Online: 6

Registered Members: 82895
Newest Member: kevy90
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-07 19:11
Hi there,

I'm new to this site, but from what I have gathered it's a pretty nice community. I am not an idiot, but my coding skills are somewhat lacking.

Anywho, I'm trying to 'hack' this thing for various reasons, but anyway ~ it's called Facility ePortal, and its made by a company called Serco.

Its a registering and database system for schools. Here is an example log in page (found from a Google Search, and not my own school):

http://www.taw.org.uk/taw900eportal/index.jsp

After a failed log in, the page turns to this:

http://www.taw.org.uk/taw900eportal/PortalServ?reqtype=login

You can alter the bit on the end from login, to whatever you want and it'll echo it back, so doing something basic like this will work:

http://www.taw.org.uk/taw900eportal/PortalServ?reqtype=<script>alert("Hello HBH")</script>

Now I'm pretty sure that's a bloody major flaw.

I'd like to gain access to an account, make a new one, or gain access to the database. I'm not sure how to proceed to be honest. I've found some things that look exploitable, but if you could help me further, that'd be great.

Code
AdminLogin.location = "/taw900eportal/PortalServ?reqtype=loginoutput&showlog=false";



That was in the source code of the page.

There is also a value that is submitted with the page:
Code
<input id="ssobypass" name="ssobypass">




Not sure what that is, but it could help.

Any advice or help you could give me would be appreciated.

Thanks very much,

Gav
Author

RE: Injection Help

ap101
Member



Posts: 19
Location: Unknown
Joined: 14.06.07
Rank:
Guest
Posted on 22-11-07 19:15
instead of a flame, i will tell you the following:
google
use it


One question makes and stops progress,
What if?
www.hellboundhackers.org/sig/c/20510/Resist! Rebel! Reclaim!.png
atheistpope101@hotmail.com Ask me
Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-07 19:17
you can try the OR 1=1 or AND 1=1 to check if its vulnerable. but i think this sites are pretty much secured...


Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-07 19:27
Did you ever read the forum rules?

http://www.hellbo. . .189_0.html


Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-07 19:59
Legal rules:
- do not post links to sites you have hacked / intend to hack
- do not ask help for hacking sites you have posted a link to


Author

RE: Injection Help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-07 20:08
Read forums first.


Been there, done that - Got the screenshot.