Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Hackme_mr

Pages: [1]
1
Hacking and Security / Re: Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo
« on: November 19, 2014, 08:22:02 am »
Cracked this one.


Used: SELECT*FROM users WHERE name =''OR'1'='1'--;

Gave that in the password cookie and the site was cracked.

Staff note: removed the strange formatting

2
Hacking and Security / Re: Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo
« on: November 03, 2014, 07:16:56 pm »
Alrighty! Thanks...

3
Hacking and Security / Re: Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo
« on: November 03, 2014, 11:09:03 am »
Hi RBA,


Thanks. I have tried editing the cookie with ' or '1'=1' . Its not working though.


Thanks for ur reply!



4
Hacking and Security / Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo
« on: November 03, 2014, 07:50:54 am »
Hello...!

I have been given a lab work where I need to hack a web site using Cookie SQL Injection. The username(agentjax) and password(password_here) are present in the cookie and editable. After editing the password to something else and you try login, it gives a generic MySql error. :o Also, the response cookie contains the original set of username(agentjax) and password(password_here), which means I need to inject in POST method if I am not wrong... I am struck here and not sure how to bypass the authentiation!

Could any of you help me out on this! :(

Pages: [1]