A disturbing lack of taste. Just another WordPress site

21Nov/130

CSCAMP CTF Quals 2013 – Web200

NoSQL injection here on MongoDB. Just a bit of google to found out https://www.idontplaydarts.com/2010/07/mongodb-is-vulnerable-to-sql-injection-in-php-at-least/ where the solution is kinda written in plain.

Payload was this: http://176.9.193.6/challenges_x/final/lph/blog.php?id[$ne]=1 that show us all article in the database except the one that has id=1. The SQL equivalent is: "select * from users where id!=1".

Razor4x

Filed under: Uncategorized No Comments
21Nov/130

CSCAMP CTF Quals 2013 – Web50

This task was a very easy one: strcmp() bypass trick.

A login form is provided with username and password passed via POST method, using the strcmp() attack the request will look like this:

username=admin&password[]=a&submit=Login

treating password as an array will let us pass the login.

Razor4x

Filed under: Uncategorized No Comments