Some notes I took while trying to learn some basic hacking.

read more

Login: Monstermac77:[redacted]

Things I learned from Hack This Site (the second time)

There’s such a thing as SSI (Server Side Includes). And can be used to execute things, like print out the date

SQL/PHP injection, say that someone has a very rudimentary login field, you submit the following in the password field:

‘ or ‘a’=‘a

HTML Injection, sorta: when there’s a form and each submissions creates a new html file on the directory, you could enter in “ ../index.html” as the name of the new file you want, and that should direct the script to the index.html and replace it with the content you posted.

SQL injection: sometimes a php file will take a get parameter, and we can use that to our advantage. So for instance, “products.php?category=2” is selecting all from a table where the category is 2. You can retrieve things from other tables by doing a UNION ALL SELECT …. from [other table name].

How to use Grep (thanks to Kevin):

grep “string to search” *