 |
| |
|
pitbull
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34
|
| |
|
|
|
 |
 | Sent on: 27/09/2005, 17:06:48 | Warn | Edit |
|
|
I'm stuck...
I understand how the system works.
there is 2 cookies one for the pass and one for the user name,
when u try to enter the control panel, the system get information from the cookies then go to database and check if my level is 5, something like that :
user=request.cookie("user");
pass=request.cookie("pass");
select level from tbl where user=user and pass=pass
Am i right?
now, what can I do with that?
I need to register with some nick, then go to the DB and insert 5 to level field?
how can I do that? with sql injection? I didn't found an exploitable place,not in the login page, not in the forum and not in the register page.
If I'll find an exploitable place, how should I inject? I don't know the table's name and the fields names...
help me plz, give me some hints...
Edit by : pitbull At 27/09/2005, 15:08:45
|
|
|
| |
|
|
codingr
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 91
|
| |
|
|
|
|
| Sent on: 27/09/2005, 17:09:34 | Warn | Edit |
|
|
no , you supouse wrongly...
there is allready a subject on that challenge , just go there and ask your question/find out an ansewer.
|
|
|
| |
|
|
 |
|
