sqli

Bsides Manchester UK 2014 CTF

Evangelos Mourikis Email:vag.mourikis()gmail[dot]com Bsides Manchester 2014 CTF (Hardened Version) 25/01/2015 Challenge link: http://c002.xref.info/ Sql enumeration Firstly, i put an ' to the search field and i clicked search. This is what i got as result: Error in query : [SELECT * FROM…

MyInternet CMS SQL injection in admin panel

MyInternet admin panel login bypass I contacted the company via email reporting that i have found a critical vulnerability affecting some of their customers. They didn't reply back and i decided to make a call to inform the company about the vulnerability. I explained the impact and they answered "I…