Search
Categories
Servers
Server.InfinityExists.com
-IRC Server (Java Client)
(#Infinity_Exists Port 6667)
-Vent Server (Port 3784)
Affiliates
Sql Injection Challenge!
November 7th, 2007 by 
Patchy
I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a Sql Injection flaw in our forums, and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The Sql Injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find then the vulnerability demonstrated in Full Disclosure Episode 11.
Tips to help you get started:
Discuss Here
—————————————————————————————————————————–
Update!
marcel.romard and esc both won Infinity Exists’ Sql Injection Challenge!! Marcel.romard found the Sql injection flaw in the forum’s search that this challenge was based around. Esc found a Sql Injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!
- Watch Full Disclosure Episode 11!
- Download Wp-Forums Source Code
- The variable that is used to manipulate the Sql Statement is a POST variable.
Discuss Here
—————————————————————————————————————————–
Update!
marcel.romard and esc both won Infinity Exists’ Sql Injection Challenge!! Marcel.romard found the Sql injection flaw in the forum’s search that this challenge was based around. Esc found a Sql Injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!
Posted in Hacking Challenge, News | 
4 Comments »
4 Responses
You must be logged in to leave a comment.
August 18th, 2008 at 7:36 pm
im so lost
September 13th, 2008 at 9:21 pm
I don’t mean to be an ass but its Tamper Data not Data Tamper
October 20th, 2008 at 7:27 pm
nice one
November 20th, 2008 at 12:43 am
I’m just going to pay attention for a while longer.
You Guys and Gals are AWSOME…Glad I signed up.