Please ask questions ONLY in this topic.

Your friend is being cheated out of hundreds of dollars. Help him make things even again!

Re: Please ask questions ONLY in this topic.

Post by Slahd on Wed Jun 01, 2011 10:13 am

I finally did it! It seems so much simpler than it did back when I first saw this mission. Here's an extremely vague thing I did to it. 500.
Overkill, much? :mrgreen:

K
CheckFINISHED checkFINISHED checkFINISHED
checkcheckcheck FINISHEDFINISHEDFINISHED
checkcheckcheckcheckcheckcheck
FINISHEDFINISHEDFINISHED
FINISHEDFINISHEDFINISHED
<Die the Death>!
<Sentence to Death>!
<Great Equalizer is The Death>!!
Slahd
Experienced User
Posts: 65
Joined: Sat May 28, 2011 12:24 pm
Location: Portland, OR


Re: Please ask questions ONLY in this topic.

Post by ereK on Wed Jun 01, 2011 10:54 am

Getting madddddddddddddddddd :mrgreen:

I tried maybe everything, but not a good way for this one, lol.
ereK
New User
Posts: 5
Joined: Tue May 31, 2011 6:21 pm


Re: Please ask questions ONLY in this topic.

Post by Slahd on Wed Jun 01, 2011 11:16 am

Well, remember that it's not about getting the band to the top of the page. It's about making #1. What one thing on that webpage will make Raging Inferno #1? Or rather, what one thing made Imposing Republic #1? Try to make some changes to it and look at the number I posted on my post above yours. :mrgreen:

Slahd
Experienced User
Posts: 65
Joined: Sat May 28, 2011 12:24 pm
Location: Portland, OR


Re: Please ask questions ONLY in this topic.

Post by ereK on Wed Jun 01, 2011 11:46 am

Slahd,

Can I PM you my approach?
ereK
New User
Posts: 5
Joined: Tue May 31, 2011 6:21 pm


Re: Please ask questions ONLY in this topic.

Post by Slahd on Wed Jun 01, 2011 1:35 pm

You may. I'll try not to tell you the exact solution, but with PM's, I can elaborate more than on the forums. :mrgreen:

Slahd
Experienced User
Posts: 65
Joined: Sat May 28, 2011 12:24 pm
Location: Portland, OR


Re: Please ask questions ONLY in this topic.

Post by winter-owned on Sat Jun 11, 2011 1:56 pm

I just wanted to say that the solution to this mission really is useful and realistic. I've been doing missions on HTS for a while. I've done half of the basic missions and most of the JavaScript missions without really getting a sense that I was learning anything that I could apply to non-HTS hacking.

I've found several websites that are vulnerable in the way the band review page is. Pretty exciting. Now if only I had a friend who was going to lose an unfair bet ...
winter-owned
New User
Posts: 33
Joined: Thu Mar 10, 2011 12:14 am


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Jun 11, 2011 3:53 pm

[OFF]Mixing this one up with some deeper ones you'll encounter during HTS realistic missions, you'll discover much more serious flaws in the web apps out there ;) Unfortunately this happens very often and usually compromises sensitive data. The best part of the story is that if you alert the staff of the site that you have found a serious security hole that must be fixed ASAP, they usually don't give a crap, leaving data of the users (e.g. personal data like mailing address or phone number) exposed to anyone. [/OFF]

[EDIT]ereK: If you're still having difficulties with this one, you can PM me.[/EDIT]
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1


Re: Please ask questions ONLY in this topic.

Post by talexyy on Sun Jun 12, 2011 2:18 pm

Well, I did it and it was quite easy. But one question remains: will this technique work in any situation on any site?
talexyy
New User
Posts: 4
Joined: Sat Jun 11, 2011 6:05 pm


Re: Please ask questions ONLY in this topic.

Post by Phantom Wolf on Sun Jun 12, 2011 2:34 pm

talexyy wrote: Well, I did it and it was quite easy. But one question remains: will this technique work in any situation on any site?

No. I doubt you'll find any serious site vulnerable to this.
"Well it isn't my fault. I shouldn't have been allowed to do something to crash it." "No, you shouldn't have been allowed to buy a computer in the first place"
Phantom Wolf
Poster
Posts: 274
Joined: Wed Mar 03, 2010 8:45 pm


Re: Please ask questions ONLY in this topic.

Post by conscience on Sun Jun 12, 2011 5:22 pm

Phantom Wolf wrote:
talexyy wrote: Well, I did it and it was quite easy. But one question remains: will this technique work in any situation on any site?

No. I doubt you'll find any serious site vulnerable to this.

Some mid-sized and small sites actually tend to share this flaw, even with an underlying SQLi.
conscience
Poster
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
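The flaw the thread circles around, seen from the defender's side: the review page offers votes 1 to 5 in a select box, but the server trusts whatever value comes back, so one oversized vote (the "500" mentioned above) drags a band's average to #1. The handler below is an added example, not code from the thread or from HTS; the band name and sample votes are constructed, and `validate=False` only reproduces the unchecked behaviour the mission models.

```python
# Added example: server-side validation of a band-review vote.
# The client-side <select> is not a security control; the server must
# re-check that the submitted value is one of the choices it offered.
import re
from dataclasses import dataclass, field

# Exactly one ASCII digit from 1 to 5, the five options the form shows.
VOTE_RE = re.compile(r"[1-5]")


class InvalidVote(ValueError):
    """Raised when the submitted vote is not one of the form's choices."""


@dataclass
class Band:
    name: str
    votes: list = field(default_factory=list)

    def average(self) -> float:
        return sum(self.votes) / len(self.votes) if self.votes else 0.0


def parse_vote(raw: str) -> int:
    """Accept only a canonical vote; "500", "5.0", "-1", "5 OR 1=1" all fail."""
    raw = raw.strip()
    if not VOTE_RE.fullmatch(raw):
        raise InvalidVote(f"vote not offered by the form: {raw!r}")
    return int(raw)


def is_valid(raw: str) -> bool:
    try:
        parse_vote(raw)
        return True
    except InvalidVote:
        return False


def record_vote(band: Band, raw: str, validate: bool = True) -> float:
    """Apply a submitted vote and return the new average.
    validate=False mimics the unchecked handler the mission models."""
    vote = parse_vote(raw) if validate else int(raw)
    band.votes.append(vote)
    return band.average()


def demo():
    # Constructed sample: the same four honest votes on two copies of a band.
    unchecked = Band("Raging Inferno", [3, 4, 3, 4])
    checked = Band("Raging Inferno", [3, 4, 3, 4])
    tampered_avg = record_vote(unchecked, "500", validate=False)  # 102.8
    rejected = not is_valid("500")
    return tampered_avg, rejected, checked.average()  # (102.8, True, 3.5)
```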


Return to (Real 1) Uncle Arnold's Local Band Review
