
HBH Penetration Testing Challenge




HBH members have been asked to penetration test a new CMS for a corporate web designer. Anyone is welcome to try, and it could be a bit of fun trying your skills on a real-life website.

He thinks it's pretty secure already but wants a few of your top dogs to take a look at it. If you find anything that could be used dangerously, then email: nucleocide@yahoo.com

Comments
ghost 18 years ago

I submitted an article on the subject at HTS and I have no idea how the system works over there so I probably didn't submit it to HTS at all lol.

Jake definitely takes the lead, finding a big security hole in my site, obtaining a sha1 of my password among other useful info.

SySTeM 18 years ago

Hmm, apparently HTS doesn't care about blind mysql injections -_-

ghost 18 years ago

Thanks for everyone's help! Several errors were found, nothing too serious (at least not that would have made it to the production site). Jake found the biggest problems while K_ros found the most small problems.

ghost 18 years ago

Yeah, I checked it out, pretty much same stuff I found, the layout problem system mentioned and array being shown on registration. Other than that notta