Monday, June 17, 2013

3dub 2

2pt challenge @ http://babysfirst.shallweplayaga.me:8041
we are given a simple login page typical username and password setup











We assumed sql so..














and....












so it is SQLinjection...we are pretty n00b over here so we used our toolkit to our advantage
SQLmap















It says there is a keys table so lets make a query to the table and grab that info
SQL(name' UNION ALL SELECT * FROM keys -- )

YAY...

No comments:

Post a Comment