TryThis0ne >> Challenges >> Realistic
TT0 Messenger
NiSo







Registered on: 09/02/2009, 19:34:16
Posts: 2




Sent on: 15/07/2009, 12:57:08
Hey!

I've found how the check cookie is generated and wrote a script that generates it
I also wrote a small app that sends requests to the server

I know something in ch***.**p should be SQL Injection
I've tried almost every possible thing but without any success..

I tried in both Login and Change-Passwords

I noticed that the password field is protected against the ' character
so I tried it.. a lot of times... but I think it's useless and the server has magic quotes on
which pretty much holds any possible SQL Injection attacks =\

I believe the login script is like:
SELECT Count(UserName) FROM users WHERE UserName='username' AND Password='password'

and the update password is
UPDATE users SET Password='NewPassword' WHERE UserName='username' AND Password='password'

could you guys give me some hint?
if magic quotes is on, I can't do anything here...... =\

All the times are GMT+2, ISRAEL