Follow us on Twitter!
Don't judge the unknown - Grindordie
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 23
Members Online: 0

Registered Members: 82889
Newest Member: Geriztul
Latest Articles
View Thread

HellBound Hackers | Challenges | Pen Testing Challenges

Author

Penetration testing 2 - need few guidelines please *POSSIBLE SPOILER*

TommyCat
Member

Your avatar

Posts: 35
Location:
Joined: 23.08.05
Rank:
Newbie
Posted on 27-10-10 01:00
I got the part with the login pretty quick, and then the part on the edit news page.
for the database page i think i have to use sql injection, but i don't know the name of the database file, file that i think i have to find using the "Files" page because i see there that the default extension for the file is "CSV", comma separated values.
This requires that multiple CSV files are in a directory, and so that directory can act as a "database" in which the CSV files are the tables.. or have i got this wrong? if I did get it right, then this means that there has to be a *hidden* directory around there. How can i find out if this directory exists? I have tried to download all the "site" but this didn't help.
I've tried the " %00 " on the files page also, hoping to strip down the extensions ( I know that php won't interpret anything after %00, so this should have removed the ".csv" part (possible vulnerability), but this didn't work either.
Something interesting is on the delete account page. The parameters are passed with " && " between them, not just " & " , so I guess this is a clue, but I didn't find anything about it on Google, so please help me a little bit here.

I would appreciate some guidelines about this one, as well as some articles to read.
Thank you


It's the final CountDowN
Author

RE: Problem with Chrome

TommyCat
Member

Your avatar

Posts: 35
Location:
Joined: 23.08.05
Rank:
Newbie
Posted on 27-10-10 04:07
I'm sorry mate, but in Chrome web browser, %00 is not working. So for everyone out there that want to get rid of the ".csv" and can't do it in chrome, just switch to Mozilla
If only I knew this a few hours ago Grin


It's the final CountDowN