Injection Help
Hi there,
I'm new to this site, but from what I have gathered it's a pretty nice community. I am not an idiot, but my coding skills are somewhat lacking.
Anywho, I'm trying to 'hack' this thing for various reasons, but anyway ~ it's called Facility ePortal, and it's made by a company called Serco.
It's a registering and database system for schools. Here is an example log in page (found from a Google Search, and not my own school):
http://www.taw.org.uk/taw900eportal/index.jsp
After a failed log in, the page turns to this:
http://www.taw.org.uk/taw900eportal/PortalServ?reqtype=login
You can alter the bit on the end from login, to whatever you want and it'll echo it back, so doing something basic like this will work:
http://www.taw.org.uk/taw900eportal/PortalServ?reqtype=<script>alert("Hello HBH")</script>
Now I'm pretty sure that's a bloody major flaw.
I'd like to gain access to an account, make a new one, or gain access to the database. I'm not sure how to proceed to be honest. I've found some things that look exploitable, but if you could help me further, that'd be great.
AdminLogin.location = "/taw900eportal/PortalServ?reqtype=loginoutput&showlog=false";
That was in the source code of the page.
There is also a value that is submitted with the page:
<input id="ssobypass" name="ssobypass">
Not sure what that is, but it could help.
Any advice or help you could give me would be appreciated.
Thanks very much,
Gav
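For the echoed reqtype value described in the post above, the usual server-side fix is an allow-list combined with HTML output encoding. The following is an added example, not part of the original thread and not Serco's code; the class name, method names and response markup are hypothetical, and the allow-list holds only the two reqtype values quoted in the post.

```java
import java.util.Set;

// Added example: a plain-Java sketch, not Facility ePortal code.
public class ReqTypeHandling {
    // Only the reqtype values quoted in the post; a real allow-list would
    // hold every request type the application actually implements.
    private static final Set<String> KNOWN_REQTYPES = Set.of("login", "loginoutput");

    // Flawed pattern: the parameter is copied into the HTML response unchanged.
    static String renderUnsafe(String reqtype) {
        return "<p>Request type: " + reqtype + "</p>";
    }

    // HTML-encode the five characters that can change the parsing context
    // of element content or a quoted attribute value.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened pattern: unknown values get a fixed message that contains no
    // user input; known values are still encoded before being written out.
    static String renderSafe(String reqtype) {
        if (reqtype == null || !KNOWN_REQTYPES.contains(reqtype)) {
            return "<p>Unknown request type.</p>";
        }
        return "<p>Request type: " + escapeHtml(reqtype) + "</p>";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a legitimate value and a markup-bearing one.
        String[] samples = { "login", "<b>test</b>" };
        for (String s : samples) {
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe:   " + renderSafe(s));
        }
    }
}
```

Encoding is still applied to allow-listed values so the output stays safe if the list later gains an entry containing markup characters.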
Did you ever read the forum rules?
http://www.hellboundhackers.org/forum/forum_rules-2-189_0.html
Been there, done that - Got the screenshot.