29 Nov

SQL injection with raw MD5 hashes – cvk | nc -l -p 80

One challenge at yesterday’s CTF was a seemingly-impossible SQL injection worth 300 points. The point of the challenge was to submit a password to a PHP script that would be hashed with MD5 before being used in a query. At first glance, the challenge looked impossible.

via SQL injection with raw MD5 hashes – cvk | nc -l -p 80. Seemingly impossible to build a password that would after being MD5 hashed return a SQL injection, but nope it is possible even within a reasonable time frame.

Leave a Reply

Your email address will not be published. Required fields are marked *