Friday, October 22, 2010

Hackthissite Realistic mission 2

Analyse the source code of each page.You will se update.php there. It's at the very end of the page. Click on it, or just type the"%20".

View the page source again. This time you will see a form, with the action update2.php. You will try clicking without passwords, and you get "Invalid username/password".

Then click back, so you can type your username and password again. We use SQL injection.Use the username:" ' or 1=1 - " and the same password  and you are done!. SQL injection is a very outdated vulnerability and you will hardly find a web application vulnerable to it.

No comments:

Post a Comment