Hacking Challenges

SQL Injection Challenge How-to

November 14th, 2007 by Patchy
The SQL Injection Challenge has already been completed, so here is a video demonstration of how to find this SQL injection flaw and exploit it to extract password hashes. In this video I use a Firefox plugin, ‘Data Tamper’, that can be downloaded here.



SQL Injection Challenge!

November 7th, 2007 by Patchy
I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a SQL injection flaw in our forums and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The SQL injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find than the vulnerability demonstrated in Full Disclosure Episode 11. Tips to help you get started:
  1. Watch Full Disclosure Episode 11!
  2. Download Wp-Forums Source Code
  3. The variable that is used to manipulate the SQL statement is a POST variable.
Good Luck!
marcel.romard and esc both won Infinity Exists’ SQL Injection Challenge!! Marcel.romard found the SQL injection flaw in the forum’s search that this challenge was based around. Esc found a SQL injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!
