Task 4

Previous page
Table of content
Next page

The system is located in the /LOCALHOST/ZADACHI/4/ folder on the CD-ROM. It is available at http://localhost/zadachi/4/index.php if the HTTP server is installed.

The system is a news system. It stores news items in a database.

It consists of several files. The image from book  INDEX.PHP file displays the news list from the database.

The image from book  NEWS.PHP file takes the id parameter and displays the news message corresponding to the identifier.

  • Goal 1. Find a vulnerability of the SQL source code injection type.

  • Goal 2. Investigate the query and clear up the type and version of the database.

  • Goal 3. Exploit the vulnerability to obtain the logins and the passwords stored in the passwords table of this database. The structure of this table is the following.

Passwords 

 mysql> describe passwords ; +-------+--------------+------+-----+---------+-------+  Field  Type          Null  Key  Default  Extra  +-------+--------------+------+-----+---------+-------+  id     int(ll)             PRI  0                name   varchar(255)  YES        NULL             pass   varchar(255)  YES        NULL            +-------+--------------+------+-----+---------+-------+ 3 rows in set (0.00 sec)

  • Goal 4. Exploit the vulnerability to obtain the contents of the image from book  NEWS.PHP and image from book  INDEX.PHP files.


Previous page
Table of content
Next page
Hacker Web Exploition Uncovered
Hacker Web Exploition Uncovered
ISBN: 1931769494
EAN: N/A
Year: 2005
Pages: 77
BUY ON AMAZON
Documenting Software Architectures: Views and Beyond
Visual C# 2005 How to Program (2nd Edition)
Postfix: The Definitive Guide
Information Dashboard Design: The Effective Visual Communication of Data
Microsoft VBScript Professional Projects
File System Forensic Analysis
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy