Some notes I took while trying to learn some basic hacking.
read moreLogin: Monstermac77:[redacted]
Things I learned from Hack This Site (the second time)
There’s such a thing as SSI (Server Side Includes). And can be used to execute things, like print out the date
SQL/PHP injection, say that someone has a very rudimentary login field, you submit the following in the password field:
‘ or ‘a’=‘a
HTML Injection, sorta: when there’s a form and each submissions creates a new html file on the directory, you could enter in “ ../index.html” as the name of the new file you want, and that should direct the script to the index.html and replace it with the content you posted.
SQL injection: sometimes a php file will take a get parameter, and we can use that to our advantage. So for instance, “products.php?category=2” is selecting all from a table where the category is 2. You can retrieve things from other tables by doing a UNION ALL SELECT …. from [other table name].
How to use Grep (thanks to Kevin):
grep “string to search” *