
Basic 28


mikispag's Avatar
=> Penguin in black <=
0 0

This seems to be pretty tough ;)

Let's see what we can get here… No apparent SQL injection, no NULLifying, no RFI.

Furthermore, the objective is not really clear. What's the aim, exactly?

Thank you!


Uber0n's Avatar
Member
0 0

mikispag wrote: Furthermore, the objective is not really clear. What's the aim, exactly?

I just took a quick look at it, and I have no idea yet :happy: that's the fun about this kind of challenge…


ghost's Avatar
0 0

I guess the aim is to get a hold of a message containing the password or something like that. ^^


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Last two posts removed because: contains a link which basically tells you how to do it, the idea is you're meant to work it out yourself, not follow a guide.


ghost's Avatar
0 0

At first glance I was thinking it might be email injection…where you could inject additional headers in the $name or $from variable or whatever it may be, but I can't wrap my head around how I could use email injection to get a pass. Oh well, maybe I'll try some more later, I haven't touched a challenge in quite a while.
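
The header-injection idea raised in the post above, seen from the contact form's side, as an added example that is not part of the thread or the challenge's code: string-built headers let a line break in a form field start a new header, while the hardened builder rejects CR/LF and fixes the recipient in code. The function names, `ADMIN_ADDR` and the sample input are assumptions constructed for illustration.

```python
import re
from email.headerregistry import Address
from email.message import EmailMessage

ADMIN_ADDR = "admin@example.invalid"  # assumed fixed recipient of the contact form
_LINE_BREAK = re.compile(r"[\r\n]")

def naive_headers(name, sender):
    """Weak pattern: headers built by string concatenation.
    A CR/LF inside either field ends the From line and starts a new header."""
    return f"To: {ADMIN_ADDR}\r\nFrom: {name} <{sender}>\r\n"

def header_names(raw):
    """List the header names a mail server would see in a raw header block."""
    return [ln.split(":", 1)[0] for ln in raw.split("\r\n") if ":" in ln]

def build_contact_mail(name, sender, body):
    """Hardened pattern: reject line breaks, then let the library build headers."""
    for label, value in (("name", name), ("from", sender)):
        if _LINE_BREAK.search(value):
            raise ValueError(f"line break in {label} field")
    msg = EmailMessage()
    msg["To"] = ADMIN_ADDR  # recipient never comes from the form
    # Address() refuses input that does not parse as a single addr-spec
    msg["From"] = Address(display_name=name, addr_spec=sender)
    msg.set_content(body)
    return msg

# Constructed form input: a line break followed by a harmless marker header.
SAMPLE_SENDER = "visitor@example.org\r\nX-Injected: 1"

if __name__ == "__main__":
    print(header_names(naive_headers("Visitor", SAMPLE_SENDER)))
    try:
        build_contact_mail("Visitor", SAMPLE_SENDER, "hello")
    except ValueError as exc:
        print("rejected:", exc)
```
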


ghost's Avatar
0 0

I don't get it, does this challenge actually send emails? Doesn't seem to be XSS, which was the first thing that sprung to mind. Even read the link system deleted and can't work it out… :whoa:


Uber0n's Avatar
Member
0 0

jjbutler88 wrote: I don't get it, does this challenge actually send emails?

Nope, it's a simulated challenge ;) I've got a few ideas now, just need to test them… (and I really don't think it's about XSS)


shadowls's Avatar
You Like this!
90 0

The first thing that came to mind was XSS, but it does not seem like it is XSS.


ghost's Avatar
0 0

I think it's either some sort of email header injection or some nifty BBCode style injection.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Uber0n wrote: [quote]jjbutler88 wrote: I don't get it, does this challenge actually send emails? Nope, it's a simulated challenge ;) I've got a few ideas now, just need to test them… (and I really don't think it's about XSS)[/quote]

Erm, yes it does send emails actually… lol, not simulated. But thanks for guessing!


ghost's Avatar
0 0

system_meltdown wrote: [quote]Uber0n wrote: [quote]jjbutler88 wrote: I don't get it, does this challenge actually send emails? Nope, it's a simulated challenge ;) I've got a few ideas now, just need to test them… (and I really don't think it's about XSS)[/quote]

Erm, yes it does send emails actually… lol, not simulated. But thanks for guessing![/quote]

It does? So, as a part of the challenge I should be receiving an email? Or no?? Because it's not sending me the email. This only furthers my suspicions that the object is to use email injection of some sort.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

slpctrl wrote: [quote]system_meltdown wrote: [quote]Uber0n wrote: [quote]jjbutler88 wrote: I don't get it, does this challenge actually send emails? Nope, it's a simulated challenge ;) I've got a few ideas now, just need to test them… (and I really don't think it's about XSS)[/quote]

Erm, yes it does send emails actually… lol, not simulated. But thanks for guessing![/quote]

It does? So, as a part of the challenge I should be receiving an email? Or no?? Because it's not sending me the email. This only furthers my suspicions that the object is to use email injection of some sort.[/quote]

It's a form to contact the admin, so why would it send you the email? :p


ghost's Avatar
0 0

system_meltdown wrote: [quote]slpctrl wrote: [quote]system_meltdown wrote: [quote]Uber0n wrote: [quote]jjbutler88 wrote: I don't get it, does this challenge actually send emails? Nope, it's a simulated challenge ;) I've got a few ideas now, just need to test them… (and I really don't think it's about XSS)[/quote]

Erm, yes it does send emails actually… lol, not simulated. But thanks for guessing![/quote]

It does? So, as a part of the challenge I should be receiving an email? Or no?? Because it's not sending me the email. This only furthers my suspicions that the object is to use email injection of some sort.[/quote]

It's a form to contact the admin, so why would it send you the email? :p[/quote]

Ah alright :p


ghost's Avatar
0 0

It's a form to contact the admin, so why would it send you the email? :p

I've just done it! Read the sentence over and over until you get the idea…. :p

@system, what %age of sites out there are vulnerable (?) to this? Never really thought of it, but seems like it could be useful.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

jjbutler88 wrote: [quote] It's a form to contact the admin, so why would it send you the email? :p

I've just done it! Read the sentence over and over until you get the idea…. :p

@system, what %age of sites out there are vulnerable (?) to this? Never really thought of it, but seems like it could be useful.[/quote]

Well done :) And erm, not sure, quite a few are though :p


shadowls's Avatar
You Like this!
90 0

jjbutler88 wrote: [quote] It's a form to contact the admin, so why would it send you the email? :p

I've just done it! Read the sentence over and over until you get the idea…. :p

@system, what %age of sites out there are vulnerable (?) to this? Never really thought of it, but seems like it could be useful.[/quote]

I'm reading this thing over and over and over but still can't figure it out. Something about sensitive data I'm guessing. But don't know.


ghost's Avatar
0 0

Ok, so excuse my hat turning a little black for this question, but wouldn't this work in say - password recovery forms? That's a pretty damaging vulnerability then.

@shadowls - The admin doesn't want you to get the email, but you want it. Really don't want to spoil it, just think how you can get that email…


Uber0n's Avatar
Member
0 0

system_meltdown wrote: Erm, yes it does send emails actually… lol, not simulated. But thanks for guessing!

Haha, as soon as I read this I beat it xD I was sure it didn't require a real email, but just needed any email as input :p


ghost's Avatar
0 0

jjbutler88 wrote: Ok, so excuse my hat turning a little black for this question, but wouldn't this work in say - password recovery forms? That's a pretty damaging vulnerability then.

@shadowls - The admin doesn't want you to get the email, but you want it. Really don't want to spoil it, just think how you can get that email…

What email? Should I get the email that I just put before? I don't get it…:(


Uber0n's Avatar
Member
0 0

454447415244 wrote: What email? Should I get the email that I just put before? I don't get it…:(

You must do something to make it send the email to you. That's what the challenge is all about ;)


ghost's Avatar
0 0

I think I got it… Can I pm someone to check what I got?


ghost's Avatar
0 0

Go for it


Mr_Cheese's Avatar
0 1

jjbutler88 wrote: what %age of sites out there are vulnerable (?) to this? Never really thought of it, but seems like it could be useful.

a ridiculous amount! even high profile sites. you will be very surprised what's vulnerable.


ghost's Avatar
0 0

sweeeet….. :ninja:

Forgot your password forms as well? Or just contact forms. And couldn't you build a fake page, that appends your injection to the email provided to phish? Not that I do that kinda thing, but sounds like a good way to do it.


ghost's Avatar
0 0

[edit]Fucking huge spoiler…[/edit]


crashbird's Avatar
-=CodeGuru=-
0 0

can I pm someone with what i have.


ghost's Avatar
0 0

i saw smth like that (i think on hackthissite) i had to use source editor just to change e-mail (because it was sending passwd to one e-mail) so maybe i think i need to change e-mail (but there is no e-mail in source so maybe there is some script or i have to inject smth like SSI (but i think that SSI will not work here) or smth else. if i am wrong don't listen to me (i am just thinking out loud) and if this is a spoiler delete this, but i think this is not a spoiler


ghost's Avatar
0 0

crashbird wrote: can I pm someone with what i have.

Yes, you can pm me if you want. :)


@ bullet

No, it's not SSI. ;)

=]


MjWasHere's Avatar
Member
0 0

ok …. i figured out a way …. tried it … doesn't seem to be working …. PMed flame_1221 too … no response yet ….. how should i proceed … anyone plz…..


thehacker3's Avatar
Member
0 0

first thing i tried was a packet sniffer to see if there was a hidden message somewhere. that didn't work. Going back to the challenge to see what's up now. BTW can i please please get my 3k points back… I can't even get the points from the pen testing now cuz i already got them before but they're not added up into the total points


ghost's Avatar
0 0

Can i pm someone?? this one's doing my head in because I am pretty sure I have it


flame_1221's Avatar
nobody
0 0

You can PM me:)


clone4's Avatar
Perl-6 Wisdom Seeker
0 0

pls can I pm someone with what I've got, just to verify if I'm on right track


ghost's Avatar
0 0

Yeah PM me


xxSk1N_D33Pxx's Avatar
Member
0 0

Ok, I think I have the correct exploit.

However, I'm not sure about the syntax. I've tried entering it a number of different ways but to no avail.

If I could pm some one with what I have I'd greatly appreciate it.


flame_1221's Avatar
nobody
0 0

PM me if you want


yours31f's Avatar
Retired
10 0

anyone i can pm for this one? i think i have it but I can't get it to work. I have read and tried and read some more but i cannot get it to work.


ghost's Avatar
0 0

Everyone hates you. And then you double post…..

Wishful thinking.


basa's Avatar
Member
0 0

I think i know the xploit on this one but i'm having trouble entering it in the right way… can i PM some1 to know if i'm right?

thx


clone4's Avatar
Perl-6 Wisdom Seeker
0 0

basa wrote: I think i know the xploit on this one but i'm having trouble entering it in the right way… can i PM some1 to know if i'm right?

thx

yeah you can gimme a pm ;)


ghost's Avatar
0 0

pm me if u want! ;)


4rm4g3dd0n's Avatar
Mad Hatter
0 0

Yea I've tried massive exploits seems i need to get back to the basics


ghost's Avatar
0 0

Yeah, I've been working on this one, too… I figure I'm probably using the wrong set of characters for the escape. It'll just take time, though.


hawkster's Avatar
Member
0 0

This one was difficult initially. I'm glad I got it, and this thread certainly helped me figure out what kind of exploit it would be.

At that point, it just became an issue of trying different escape characters.

And Cyph3rHell, you don't have to answer the PM I sent you about this challenge :D


4rm4g3dd0n's Avatar
Mad Hatter
0 0

It should be done like the "Script" kiddies maybe ya


ghost's Avatar
0 0

Best way to do it is with the FF extension Tamper Data. No doubt.


ghost's Avatar
0 0

UGH! This is bugging the crap out of me!!! I know the type of injection, and I've tested many E*****s and H****r mods.

I'm completely at a loss what to do now :-[


ghost's Avatar
0 0

I've tried adding the extra fields "mailTo" and "to" to the form's Post Data (Using Tamper Data) - But it's not seeming to work - Am I on the right track with the wrong names, or not even close? :|


ghost's Avatar
0 0

Ok, I tried dozens of escape sequences in many combinations and I can't get any of them to work. Can I get a hint or PM someone?


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

You can PM me if you like.


ghost's Avatar
0 0

Finally got it!!! All I had to do was use liveheaders to modify the post headers instead of using the form. Apparently html encoding messed things up somehow. Thanks system_meltdown you don't need to reply to that PM now :D .


ghost's Avatar
0 0

I think I'm doing it correctly >.> can I pvt someone what I'm trying?


ZvirX's Avatar
Member
0 0

You can pm me ;)