“These courses expects a high standard of professionalism from its students with regard to how security testing is conducted. We expect all students to act in good faith at all times […]”
TL;DR Don’t be mean
Challenge walkthroughs, cool things?
User Identity and Authentication
Weeks 2 - 3
Don’t do this.
Information disclosure baaaad.
Random bytes that are mixed into a passphrase to modify the hash values.
C is for ______
Don’t use cookies to store important stuff.
If you have to, secure it.
SELECT _ FROM _ ...
INSERT INTO _ (COLn, ...) VALUES (VALn, ...)
UPDATE _ SET _ = _ ...
DELETE FROM _ ...
... -- this is a comment
>
- greater than<
- less than=
- equal to<>
- not equal to%
- wildcardDemo:
stock
table
SELECT
, INSERT
, UPDATE
, DELETE
@@Version
- Microsoft SQLVersion()
- MySQLsqlite_version()
- SQLiteuser input = dangerous
'";<lol/>../--#`ls`
SELECT a FROM b WHERE a = '$userInput'
Using ' OR '1'='1
vvvvvvvvvvvvv
SELECT a FROM b WHERE a = '' OR '1' = '1'
^^^^^^^^^^^^^
Demo: login 1, login 2
Step 0: Figure out the syntax, and fingerprint if needed
USER_DOESNT_EXIST
Demo: login 3
SELECT a,b FROM c WHERE d UNION SELECT (SELECT ...), 2
!=
extracting dataCOUNT()
it insteadhttp://website.com/getImage.php?file=image.png
http://website.com/getImage.php?file=/etc/passwd