Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic 20 help

  1. Home
  2. Forum
  3. Basic
  4. Basic 20 help

ghost's Avatar

ghost

0 0

I m opening this thread about basic 20 because all others about b20 arent informative at all.

So, I tried a javascript injection (the simpliest thought eveyrybody can do) but obviously this is not the correct answer!

It is mentioned something about sql and cookies. I dont know how this can be useful, though i have been familiar with SQL and javascript, cookies, programming!

I need some help to solve this, or even better, an artickle || a good question for Mr Google…


ghost's Avatar

ghost

0 0

Well if you have tryed with cookie manipulation it has told you that "Nice try, but that isn't the answer we were looking for, there is another way to bypass this login, maybe it's a MySQL login that uses cookies…"….


ghost's Avatar

ghost

0 0

mozzer wrote very good articles. There is some challenge pretty similar to this basic.. (not18)


ghost's Avatar

ghost

0 0

So, help me to understand: This isnt a blind _ _ _ … This does have to do with cookies and Headers?? If i m wrong can you give more help?


ghost's Avatar

ghost

0 0
  1. part wrong
  2. part is 50% correct

ghost's Avatar

ghost

0 0

cookie manipulation is not a solution! header doesnt give any infos…

I m really confused :)


ghost's Avatar

ghost

0 0

It seems that you didn't read mozzers articles :whoa:


ghost's Avatar

ghost

0 0

Or you could speak to me and I'd explain my article


ghost's Avatar

ghost

0 0

here is a way to look at this challenge.

lets say we are talking about php-fusion.

after you are logged in you are given your cookie. your cookie contains your user id / password. each page refresh, the cookie is checked against what is in the database to make sure that your password in your cookie and in the database are correct. in order to know which username that we are checking the password for though we use a WHERE clause in the SQL statement with their user id. now go from there, and hopefully you should have a better idea on what to do.


richohealey's Avatar

richohealey

Python Ninja
0 0

well put chislam


ghost's Avatar

ghost

0 0

ok! thank you guys for your help!

i was looking in the wrong place


ghost's Avatar

ghost

0 0

chislam wrote: …each page refresh, the cookie is checked against what is in the database.. This is a very big hint…think about it…a cookie compared to a sql database with a WHERE… Did you ever exploited a WHERE?


ghost's Avatar

ghost

0 0

its an SQL login that uses cookies… just think of what you use to manipulate cookies and how you use the SQL injections put 2 and 2 together ;)

if this is to much of a spoiler remove it please