Search



Categories

News

Videos

Underground

Vblogs

Hacking Challenges

Sql Injection Challenge!

November 7th, 2007 by Patchy
I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a Sql Injection flaw in our forums, and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The Sql Injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find then the vulnerability demonstrated in Full Disclosure Episode 11. Tips to help you get started:
  1. Watch Full Disclosure Episode 11!
  2. Download Wp-Forums Source Code
  3. The variable that is used to manipulate the Sql Statement is a POST variable.
Good Luck!
Discuss Here
—————————————————————————————————————————–
Update!
marcel.romard and esc both won Infinity Exists’ Sql Injection Challenge!! Marcel.romard found the Sql injection flaw in the forum’s search that this challenge was based around. Esc found a Sql Injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!

Posted in Hacking Challenge, News | 4 Comments »

4 Responses

  1. clonekiller Says:

    im so lost

  2. hakk3r Says:

    I don’t mean to be an ass but its Tamper Data not Data Tamper :P

  3. vs4vijay Says:

    nice one

  4. ShadowKllr Says:

    I’m just going to pay attention for a while longer.
    You Guys and Gals are AWSOME…Glad I signed up.

You must be logged in to leave a comment.