07-04-2009, 04:27 PM
#13
Immersion

And I was blind SQL injections.

Code:
 http://cms.rodadewa.net/index.php?id=1 AND ASCII(SUBSTRING((SELECT admin_username FROM admin WHERE admin_id=1),1,1)) = 115
Where 115 is an ASCII value. So obviously you can just go through the list of ASCII codes until the page gets displayed. Then you know that letter of the username. Wouldn't take much for me to write a script that will loop through the URL for each letter with the ASCII values and store the value when the HTML reads what I expect it to. The same thing could be done for the password. Once you get to 32 characters you have the whole hashed password, and if it were a dictionary word then a rainbow table could give me the password.

I would then be able to log in to the admin.

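Added example, not part of the original post: a defender-side Python check that flags the request pattern described above in web access logs, grouping probes by client and recording the substring positions walked and the response sizes returned. It assumes combined-format access logs; the sample lines, IP addresses, response sizes and the names `find_blind_sqli`, `PROBE`, `LOG_LINE` and `SAMPLE_LOG` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Character-by-character boolean probe: ASCII(SUBSTRING((SELECT ...),pos,1)) <op> N
PROBE = re.compile(
    r"(?:ASCII|ORD)\s*\(\s*(?:SUBSTRING|SUBSTR|MID)\s*\(\s*\(\s*SELECT\b.*?\)"
    r"\s*,\s*(\d+)\s*,\s*1\s*\)\s*\)\s*(?:<=|>=|=|<|>)\s*\d+",
    re.IGNORECASE | re.DOTALL,
)
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} (\d+)')

# Constructed sample data: documentation-range IPs, hypothetical response sizes.
INJ = ("/index.php?id=1%20AND%20ASCII(SUBSTRING((SELECT%20admin_username%20FROM"
       "%20admin%20WHERE%20admin_id=1),{pos},1))%20=%20{val}")

def _line(ip, target, size):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" 200 {size}'

SAMPLE_LOG = "\n".join([
    _line("198.51.100.7", "/index.php?id=1", 5120),
    _line("198.51.100.7", "/search.php?q=select+a+plan", 2048),  # benign "select"
    _line("203.0.113.9", INJ.format(pos=1, val=114), 812),
    _line("203.0.113.9", INJ.format(pos=1, val=115), 5120),
    _line("203.0.113.9", INJ.format(pos=2, val=97), 812),
    _line("203.0.113.9", INJ.format(pos=2, val=98), 812),
])

def find_blind_sqli(log_text, min_probes=3):
    """Map client IP -> probe count, substring positions walked, response sizes seen."""
    seen = defaultdict(lambda: {"probes": 0, "positions": set(), "sizes": set()})
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, target, size = m.groups()
        hit = PROBE.search(unquote_plus(target))  # decode %20 and + before matching
        if hit:
            seen[ip]["probes"] += 1
            seen[ip]["positions"].add(int(hit.group(1)))
            seen[ip]["sizes"].add(int(size))
    # Several probes from one client, with differing response sizes, means the
    # page is acting as a true/false oracle for that client.
    return {ip: {k: (v if k == "probes" else sorted(v)) for k, v in r.items()}
            for ip, r in seen.items() if r["probes"] >= min_probes}

if __name__ == "__main__":
    for ip, info in find_blind_sqli(SAMPLE_LOG).items():
        print(ip, info)
```

Detection only shortens the window; binding `id` as a query parameter, or casting it to an integer before it reaches the SQL statement, removes the true/false oracle altogether.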