Search found 5 matches

Go to advanced search

by guxx
Sat Jan 31, 2009 7:59 pm
Forum: Challenges Solved
Topic: Telecran
Replies: 24
Views: 2027

Evil Luxembourg flag

Oh yes, the evil thing is the Luxembourg flag which made me think that it got something to do with the telecran magazine. There is an article called "Secret Project Dolphin - revealed" ... I found the etch-a-sketch connection by wikipedia but the Luxembourg flag led me to further investiga...
by guxx
Mon Dec 15, 2008 11:53 pm
Forum: Challenges Solved
Topic: Forced Entry
Replies: 17
Views: 1622

How did you manage that?
Put the following text in the name field and it exposes the password:
1' UNION ALL SELECT password FROM user/*

Of course this wasn't straightforward and I had to guess the table and column names. It took some time to get there :wink:

Guido
by guxx
Wed Nov 26, 2008 6:29 am
Forum: Challenges Solved
Topic: Forced Entry
Replies: 17
Views: 1622

I used manual SQL injection attacks and finally managed to get the password published by an MySQL error ("Unknown column 'password' in where clause").

I'm interested in how the used SQL statements look like on the login page.
@adum: Can you post your code here please?

Guido
by guxx
Tue Nov 25, 2008 11:05 pm
Forum: Challenges Solved
Topic: Too many digits
Replies: 14
Views: 836

curl

After trying wget without success I managed to get it with curl.

Guido
by guxx
Sat Nov 08, 2008 12:18 am
Forum: Challenges
Topic: 'The Powers That Be' challenge... please help me...
Replies: 13
Views: 17449

Just proved that it is possible to solve it on Windows, too :wink:

Go to advanced search