8:38 pm November 7, 2007 | Patchy | Champaign, IL | Admin | posts 1645
I’m proud to announce the first Infinity Exists’ Hacking Challenge! The challenge is to find a Sql Injection flaw in our forums, and exploit it to extract password hashes. The first person to complete this challenge will receive a free Infinity Exists T-shirt. The Sql Injection vulnerability is hidden deep in Infinity Exists’ forums, and will be much harder to find than the vulnerability demonstrated in Full Disclosure Episode 11.
Tips to help you get started:
1. Watch Full Disclosure Episode 11!
2. Download Wp-Forums Source Code
3. The variable that is used to manipulate the Sql Statement is a POST variable.
Good Luck!

"From the perspective of these infinites, all finites are equal, and I see no reason for fixing our imagination on one rather than on another." ~ Blaise Pascal, Pensées

9:35 pm November 7, 2007 | GONZO | Guru | posts 569
Where is this Wp-Forums Source Code?

9:42 pm November 7, 2007 | Patchy | Champaign, IL | Admin | posts 1645

9:52 pm November 7, 2007 | GONZO | Guru | posts 569
I'm confused, I don't get what to do with it?

10:17 pm November 7, 2007 | Patchy | Champaign, IL | Admin | posts 1645
When you find a variable that you think is vulnerable, the source code will help you develop a union select statement.

10:18 pm November 7, 2007 | GONZO | Guru | posts 569
I tried everything in the vid, I got nothing. I'll keep trying tomorrow.

10:24 pm November 7, 2007 | Patchy | Champaign, IL | Admin | posts 1645
Remember that the vulnerable variable is a POST not a GET like in the video.

1:03 am November 8, 2007 | esc | Member | posts 15
We need to find blind sql injection in a form.
Patchy, can we post only a PoC?

3:29 pm November 8, 2007 | GONZO | Guru | posts 569
Why does it have to be so hard? I've tried so many things I don't even know where to start now.

4:07 pm November 8, 2007 | esc | Member | posts 15
In php a POST statement is shown like this: $_POST
You need to look in a few files for that statement. Look for single and double quotes (').
Look for SELECT * FROM statements in php. That is where most of the exploits in php are.
That is a small hint.

6:36 pm November 8, 2007 | GONZO | Guru | posts 569
Still nothing. I want that damn shirt though. Still can't find anything about $_POST.

7:01 pm November 8, 2007 | Patchy | Champaign, IL | Admin | posts 1645
@esc: The challenge isn't blind sql injection. It's just injecting a union select statement into a POST variable (you can use the same method illustrated in ep. 11 to find it). When you complete the mission (extract password hashes) the challenge will notify you that you completed it. If you find a sql injection flaw and it doesn't say you completed the challenge, you can post a PoC here so I can fix it.
@Gonzo: where are you looking for $_POST?
Go here: http://www.w3schools.com/php/php_post.asp

7:18 pm November 8, 2007 | GONZO | Guru | posts 569
I've been trying to alter the URL.
Do I have to alter the view source?
This is way harder than I thought.

8:30 pm November 8, 2007 | N3th4x | Member | posts 29
Hmm…I am assuming (hoping) this challenge is incorporating the tactics used in the video? As in, possibly finding a hash and cracking it, using c&a etc? Please say yes. =P

10:12 pm November 8, 2007 | esc | Member | posts 15
Patchy, you have sql injection in forum_feed.php. That is, if you didn't change the source code.
[code]
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY `date` DESC' at line 1]
SELECT * FROM wp_forum_posts WHERE thread_id = ORDER BY `date` DESC
[/code]
I didn't try to use it on this forum, I tried on my own version.
The SQL is in a POST statement. I am sure that there is much more sql injection but I don't have time to look. I don't know if I get a T-shirt but it is ok.
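The database error quoted in the post above is the tell-tale sign of the bug class: the request's `thread_id` was spliced straight into the SQL text, so an empty value left `WHERE thread_id = ORDER BY ...` for MySQL to choke on, and any other text in that position would be parsed as SQL too. The following is an added example, not code from Wp-Forums or this forum, that reproduces the unsafe pattern beside a hardened version; it uses Python's sqlite3 as a stand-in for MySQL, the table columns are assumed (only the table name and the `ORDER BY \`date\` DESC` clause come from the post), and the sample rows are constructed.

```python
import sqlite3

# Constructed stand-in for the wp_forum_posts table. The column list is an
# assumption for this example; the real schema is not shown on the page.
SCHEMA = """
CREATE TABLE wp_forum_posts (
    id        INTEGER PRIMARY KEY,
    thread_id INTEGER NOT NULL,
    text      TEXT    NOT NULL,
    date      TEXT    NOT NULL
);
"""
SAMPLE_ROWS = [  # constructed sample data
    (1, 1, "first post", "2007-11-07 20:38"),
    (2, 1, "reply", "2007-11-07 21:35"),
    (3, 2, "other thread", "2007-11-08 01:03"),
]


def make_db():
    """Create an in-memory database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO wp_forum_posts VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def unsafe_feed_query(thread_id):
    """The vulnerable pattern: the request value becomes part of the SQL text.

    With thread_id == "" this builds exactly the statement the forum error
    showed; with any other text, that text is handed to the SQL parser.
    """
    return f"SELECT * FROM wp_forum_posts WHERE thread_id = {thread_id} ORDER BY `date` DESC"


def fetch_feed_unsafe(conn, thread_id):
    """Run the string-built query. Errors surface as database errors."""
    return conn.execute(unsafe_feed_query(thread_id)).fetchall()


def fetch_feed_safe(conn, thread_id):
    """Hardened version: validate the type first, then bind as a parameter.

    The value never touches the SQL text, so it cannot change the statement
    no matter what the request contains.
    """
    try:
        tid = int(thread_id)
    except (TypeError, ValueError):
        raise ValueError("thread_id must be an integer")
    if tid <= 0:
        raise ValueError("thread_id must be positive")
    return conn.execute(
        "SELECT * FROM wp_forum_posts WHERE thread_id = ? ORDER BY `date` DESC",
        (tid,),
    ).fetchall()


def demo():
    """Exercise both versions with a valid and an empty thread_id."""
    conn = make_db()
    results = {"unsafe_valid": len(fetch_feed_unsafe(conn, "1"))}
    try:
        fetch_feed_unsafe(conn, "")
        results["unsafe_empty"] = "ran"
    except sqlite3.OperationalError:
        # The same failure mode as the WordPress error in the post: malformed
        # SQL reached the database, and the message was echoed to the user.
        results["unsafe_empty"] = "sql error"
    try:
        fetch_feed_safe(conn, "")
        results["safe_empty"] = "ran"
    except ValueError:
        results["safe_empty"] = "rejected before SQL"
    results["safe_valid"] = len(fetch_feed_safe(conn, "1"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The defensive lesson is the one Patchy's later post confirms in the other direction: a database error message that quotes your own query fragment means request data is being parsed as SQL, and the fix is to validate the expected type and bind the value as a parameter rather than to patch individual inputs.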

11:53 pm November 8, 2007 | N3th4x | Member | posts 29
Arrgggghhhhhh!!!!!!!!!!!!!!!!!!! I am not going to have any hair left by the end of the night!!!
Seriously though, the challenge idea is an AWESOME idea guys. Ummm, maybe if you all have time, you could throw some, err, easier challenges our way, for kicks. =)

12:02 am November 9, 2007 | Patchy | Champaign, IL | Admin | posts 1645
@esc: Hey esc, I'm having trouble reproducing the error you got. Are you manipulating the thread id in the RSS feed link option? Try it on this website, it may be patched. That's not the sql injection flaw that is used in the challenge, but if you can get it to extract password hashes then we can give you a T-shirt for that.

12:22 am November 9, 2007 | Patchy | Champaign, IL | Admin | posts 1645
@esc: O gosh! I got your sql injection to extract hashes. Very, very nice find! I never even thought to check the stupid RSS feed for sql injection. Thanks a lot for finding that for us, and we'll be sure to send you a T-shirt if you want to email me your address.

6:49 am November 9, 2007 | GONZO | Guru | posts 569
Does that mean game over then?

8:29 am November 9, 2007 | Patchy | Champaign, IL | Admin | posts 1645
Nope, no one has found the Sql Injection flaw that this challenge is based on.