Task 4

The system is located in the /LOCALHOST/ZADACHI/4/ folder on the CD-ROM. It is available at http://localhost/zadachi/4/index.php if the HTTP server is installed.

The system is a news system. It stores news items in a database.

It consists of several files. The INDEX.PHP file displays the news list from the database.

The NEWS.PHP file takes the id parameter and displays the news message corresponding to the identifier.

  • Goal 1. Find a vulnerability of the SQL source code injection type.

  • Goal 2. Investigate the query and determine the type and version of the database.

  • Goal 3. Exploit the vulnerability to obtain the logins and the passwords stored in the passwords table of this database. The structure of this table is the following.


 mysql> describe passwords;
 +-------+--------------+------+-----+---------+-------+
 | Field | Type         | Null | Key | Default | Extra |
 +-------+--------------+------+-----+---------+-------+
 | id    | int(11)      |      | PRI | 0       |       |
 | name  | varchar(255) | YES  |     | NULL    |       |
 | pass  | varchar(255) | YES  |     | NULL    |       |
 +-------+--------------+------+-----+---------+-------+
 3 rows in set (0.00 sec)

  • Goal 4. Exploit the vulnerability to obtain the contents of the NEWS.PHP and INDEX.PHP files.

Hacker Web Exploitation Uncovered
ISBN: 1931769494
Year: 2005
Pages: 77
