Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by Tomboby on Sun Jul 24, 2011 12:24 am

Umm.... Admins, I think this Mission has been hacked.

Following an SQL injection into the 'found' "said"-- user vulnerability.
I came across a list of 5765 users that were named rather retardedly, e.g. Lisa M. : I am sweet, Peter McDonald : fatman.
And repeated names of "Gary Hunter", whom I was trying to find......

Then, in the user registering section the code had been chopped.. might have been on purpose.

Were these all done on purpose? Or is there really an error with this mission? :!:

Post by mShred on Sun Jul 24, 2011 4:05 am

Tomboby wrote: Umm.... Admins, I think this Mission has been hacked.

Following an SQL injection into the 'found' "said"-- user vulnerability.
I came across a list of 5765 users that were named rather retardedly, e.g. Lisa M. : I am sweet, Peter McDonald : fatman.
And repeated names of "Gary Hunter", whom I was trying to find......

Then, in the user registering section the code had been chopped.. might have been on purpose.

Were these all done on purpose? Or is there really an error with this mission? :!:

All of the usernames and whatnot are purposely put there. I think you actually submit them into the database. You have to figure out which one. As for the chopped code..? I'm not sure what you're talking about.

For those about to rock.

Post by Tomboby on Mon Jul 25, 2011 3:09 am

mShred wrote:
Tomboby wrote: Umm.... Admins, I think this Mission has been hacked.

Following an SQL injection into the 'found' "said"-- user vulnerability.
I came across a list of 5765 users that wer......

All of the usernames and whatnot are purposely put there. I think you actually submit them into the database. You have to figure out which one. As for the chopped code..? I'm not sure what you're talking about.


Chopped code, on the register page of the mission:

<BR><B>Wanted Description:<A> </A></B><BR><textarea name="desc" rows=5 cols=20 maxlength=255></textarea><BR>
<input type="submit" value="Register"
</form>

</body>
</html>


I'm not sure on what to do to fix this, so here's the question:
What can I do to fix this code and what are the steps required?

Note
I've tried saving as an html and editing it, but it links back to my hard drive directory...
Is there a program that can live edit the source code?

Post by Phantom Wolf on Mon Jul 25, 2011 3:40 am

@Tomboby

That looks like a typo, consider sending a bug report. Whoever coded this mission forgot the closing angle bracket. There's a Firefox addon called Firebug that you can use to fix this. Chrome's developer tools have something similar to Firebug built in.
"Well it isn't my fault. I shouldn't have been allowed to do something to crash it." "No, you shouldn't have been allowed to buy a computer in the first place"

Post by Tomboby on Mon Jul 25, 2011 3:56 am

@Phantom Wolf

Thanks, I managed to add the "referer" element of the submission data in the corrected copy on my webpage: "http://www.hackthissite.org/missions/realistic/8/search2.php" so hackthissite thought it was the original.
This was achieved using Tamper Data, although I would love to learn how to do this manually ;)

Will submit a bug report, but it's probably done on purpose, an update perhaps, just to help limit the amount of registering newbies.
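
Why a Referer check like the one discussed in this thread is not an access control, shown as an added example (not part of the original posts and not HackThisSite's code): the header and the form's maxlength attribute are both set on the client, so the server has to check a session-bound token and re-validate the field itself. The URL, key, session ids and function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed values for this example; none come from the mission itself.
EXPECTED_REFERER = "https://bank.example.test/register.php"
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_DESC = 255  # same limit the form's maxlength attribute advertises


def form_token(session_id):
    """Per-session token the server embeds when it renders the form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def referer_gate(req):
    """Weak: the Referer header is written by the client, so it proves nothing."""
    return req["headers"].get("Referer") == EXPECTED_REFERER


def hardened_gate(req):
    """Ignore Referer; check a session-bound token and re-validate the fields."""
    errors = []
    token = req["form"].get("token", "")
    if not hmac.compare_digest(token, form_token(req["session_id"])):
        errors.append("token does not match this session")
    desc = req["form"].get("desc", "")
    if not isinstance(desc, str) or len(desc) > MAX_DESC:
        errors.append("desc exceeds server-side limit")
    return errors


# Constructed requests: a normal submission, one sent from an edited local copy
# of the page (maxlength removed), and one built without the rendered form.
NORMAL = {
    "session_id": "sess-A",
    "headers": {"Referer": EXPECTED_REFERER},
    "form": {"desc": "short text", "token": form_token("sess-A")},
}
EDITED_COPY = {
    "session_id": "sess-B",
    "headers": {"Referer": EXPECTED_REFERER},
    "form": {"desc": "x" * 300, "token": form_token("sess-B")},
}
NO_TOKEN = {
    "session_id": "sess-C",
    "headers": {"Referer": EXPECTED_REFERER},
    "form": {"desc": "ok"},
}
```

All three requests pass `referer_gate`, while `hardened_gate` returns an empty error list only for the normal submission.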


Post by durazell on Sun Aug 07, 2011 1:56 am

For those struggling with clearing the logs, sometimes the mission description tells literally what to do :).

Post by thesauce789 on Mon Aug 08, 2011 12:32 am

OK, so I got the full list of people by SQL injection... there's somewhere like 5000+ results and 4000 of them are Gary Hunter related. How can I narrow it down?

Post by Ultrazz_1 on Mon Aug 22, 2011 7:29 am

Hey, I'm stuck at the beginning: the page doesn't allow me to register, and I tried the search to find some username just to log in. I did find it, but when I refresh the page or go to Home, it just disconnects me from the account..

Post by cjt08c on Mon Aug 22, 2011 3:20 pm

Some of the descriptions are very misleading. I was fooled into thinking a few wrong ones were the username I was looking for. There's a lot of bs to wade through in the user list. Don't give up.

Post by boyhell11 on Mon Sep 26, 2011 1:05 am

It gives me 6072 user names and pass.... Don't know what to do, but I'm surely not going to try them all.
Instead I am trying to write a script to do it for me, but it gives me "invalid referral"...... Any hint on what the referral part is?