Archive for December, 2010

SQL Injection

Posted in SQL injection with tags , on December 16, 2010 by Xacker

 

Advertisements

yet another SQL injection

Posted in SQL injection with tags , , on December 4, 2010 by Xacker

Here I am again, fishing MD5 hashed passwords along with usernames, after successfully exploiting an SQL injection vulnerability in a website. “the website identity will remain enclosed at the time being due to the sensitivity of the operation”

I had to tune my injection multiple times until I was able to extract full data at once and not byte-by-byte extraction.

In order to extract the complete ~950 hashes, I wrote a small python script to automate the process.

it was a great fun 🙂

Enjoy and stay tuned for another hack!