Please ask questions ONLY in this topic.

Uptight religious fanatics are failing free-thinking students for questioning their faith. Fulfill every teenage hacker's ultimate fantasy: hack into the school database and change grades! This level has several different layers of security and several different ways of completing it. Enjoy!


Post by footyfanatic77 on Wed Jun 11, 2008 9:10 pm

I've been through the website and found out that the teachers table is vulnerable.
I just need to find out the injection.
A hint would be much appreciated.
Thank you.

EDITED BY FAITH

Please ask questions only in this topic.
Just to keep the forum neat, and hopefully your post more noticed.
Please help us to keep the forum clean by reporting trashy posts. :>
You may start a new post if you're making a tutorial. However, if the tutorials are similar, please do not make two.

I wish you the best of luck with this mission, and hope you enjoy it.

<3 faith.


Re: Don't know where to start?

Post by gm war on Wed Jun 18, 2008 4:01 am

One hint then: with this new account I will say update.php


Re: Don't know where to start?

Post by pitagora on Thu Jun 19, 2008 2:39 am

footyfanatic77 wrote: I've been through the website and found out that the teachers table is vulnerable
I just need to find out the injection
A hint would be much appreciated.
Thank you.


I'm really stuck here. I'm sitting in front of the staff login wondering how to get in. I've checked every single script for SQL injections and nothing. In what script was the bug? I need a hint here. This has been driving me crazy for weeks...

@gm war: there is no update.php.


Re: Don't know where to start?

Post by White_King on Fri Jun 20, 2008 8:33 pm

pitagora wrote:
footyfanatic77 wrote: I've been through the website and found out that the teachers table is vulnerable
I just need to find out the injection
A hint would be much appreciated.
Thank you.


I'm really stuck here. I'm sitting in front of the staff login wondering how to get in. I've checked every single script for SQL injections and nothing. In what script was the bug? I need a hint here. This has been driving me crazy for weeks...

@gm war: there is no update.php.


Are you sure?


Re: Don't know where to start?

Post by footyfanatic77 on Fri Jun 20, 2008 8:58 pm

Go to the teacher table and click on a teacher, then look at the URL and the variable.
I just don't know the injection for it. Any hints?
Thanks.


Grades don't show up

Post by thanaa on Mon Jun 30, 2008 9:42 am

Is it supposed to be like that? Just listing the grade scale but no grades?


Re: Grades don't show up

Post by footyfanatic77 on Thu Jul 03, 2008 2:32 pm

Same. I think the grades aren't the way you're supposed to get in. I'm stuck on this mission too, but I think the teacher table is vulnerable to SQL injection.


Get teacher account?

Post by Tommyboy123a on Sun Jul 06, 2008 11:17 pm

Is there something I'm missing..? I've done this mission before, but when I wrote down how to do it I just said "log in as any teacher on the s****.php page". I've tried various SQL injections and the usual inspection but no luck. A push in the right direction would be much appreciated :D


browser issue

Post by raymo39 on Mon Jul 07, 2008 12:01 am

I've logged in to the correct area, I think.
I have a browser problem.
If you can help me it would be much appreciated.
This seems very vague; I'm trying not to give spoilers.


Re: browser issue

Post by Tommyboy123a on Mon Jul 07, 2008 3:13 am

You need to make the server think you are accessing the site from the "holy_teacher" browser.

The PHP code used is probably something like this:
Code:
// the User-Agent request header, exactly as the client sent it
$user_agent = $_SERVER['HTTP_USER_AGENT'];

A typical user agent looks something like "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; DimensionBrowser; .NET"
but again, you need to make it look like it was coming from "holy_teacher".

I would Google "how to change user agent" if I were you; might be easier with Firefox as well ;)

[I hope the above wasn't too much of a spoiler?]

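The post above guesses that the server reads the User-Agent header to decide who is a teacher. As an added example (not part of the thread and not the mission's code), this contrasts that kind of gate with one based on server-side session state, plus a log line a defender could alert on. The function names, the `role` session key and the sample requests are assumptions made for the illustration.

```php
<?php
// Added illustration, not the mission's code. Function names, the 'role'
// session key and the sample requests are constructed for this example.

// Weak gate: HTTP_USER_AGENT is copied from a request header the client
// writes, so matching it against a magic string authenticates nobody.
function weak_gate(array $server): bool
{
    $user_agent = $server['HTTP_USER_AGENT'] ?? '';
    return $user_agent === 'holy_teacher';
}

// Hardened gate: the decision rests on state the server stored itself
// after a successful login. Request headers play no part in it.
function session_gate(array $session): bool
{
    return ($session['role'] ?? null) === 'teacher';
}

// Detection aid: record header values that no mainstream browser sends.
// Control characters are replaced so the value cannot forge log lines.
function unusual_agent_log_line(array $server): ?string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    if (preg_match('#^(Mozilla|Opera)/\d#', $ua) === 1) {
        return null;
    }
    $safe = preg_replace('/[^\x20-\x7E]/', '?', substr($ua, 0, 200));
    return sprintf('unusual User-Agent from %s: "%s"', $server['REMOTE_ADDR'] ?? '-', $safe);
}

// Constructed input: one anonymous visitor, two header values.
$requests = [
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)'],
    ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'holy_teacher'],
];
$anonymous_session = [];   // nobody has logged in on this session

foreach ($requests as $request) {
    printf("weak_gate=%s session_gate=%s log=%s\n",
        var_export(weak_gate($request), true),
        var_export(session_gate($anonymous_session), true),
        unusual_agent_log_line($request) ?? '(none)');
}
```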
