Sql Injection Challenge How-to

Patchy — Thu, 15 Nov 2007 04:10:14 +0000

The Sql Injection Challenge has already been completed, so here is a video demonstration on how to find this Sql Injection flaw and exploited it to extract password hashes. In this video I use a firefox plugin ‘Data Tamper’ that can be download here

Full Size Video
Download Here

Sql Injection Challenge!

Patchy — Thu, 08 Nov 2007 04:35:15 +0000

I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a Sql Injection flaw in our forums, and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The Sql Injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find then the vulnerability demonstrated in Full Disclosure Episode 11. Tips to help you get started:

Watch Full Disclosure Episode 11!
Download Wp-Forums Source Code
The variable that is used to manipulate the Sql Statement is a POST variable.

Good Luck!
Discuss Here
—————————————————————————————————————————–
Update!
marcel.romard and esc both won Infinity Exists’ Sql Injection Challenge!! Marcel.romard found the Sql injection flaw in the forum’s search that this challenge was based around. Esc found a Sql Injection flaw that we were unaware of in the forum’s RSS feed. Congrats to both of you!

Infinity Exists » Hacking Challenge

Sql Injection Challenge How-to

Sql Injection Challenge!