Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Hackme_mr

Pages: [1]

Hacking and Security / Re: Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo

« on: November 19, 2014, 08:22:02 AM »

Cracked this one.

Used: SELECT*FROM users WHERE name =''OR'1'='1'--;

Gave that in the password cookie and the site was cracked.

Staff note: removed the strange formatting

Hacking and Security / Re: Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo

« on: November 03, 2014, 07:16:56 PM »

Alrighty! Thanks...

Hacking and Security / Re: Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo

« on: November 03, 2014, 11:09:03 AM »

Hi RBA,

Thanks. I have tried editing the cookie with ' or '1'=1' . Its not working though.

Thanks for ur reply!

Hacking and Security / Short URL | Threaded Mode | Linear Mode Cookie injection - Need help!! Read mo

« on: November 03, 2014, 07:50:54 AM »

Hello...!

I have been given a lab work where I need to hack a web site using Cookie SQL Injection. The username(agentjax) and password(password_here) are present in the cookie and editable. After editing the password to something else and you try login, it gives a generic MySql error.

Also, the response cookie contains the original set of username(agentjax) and password(password_here), which means I need to inject in POST method if I am not wrong... I am struck here and not sure how to bypass the authentiation!

Could any of you help me out on this!

Pages: [1]