AntonyGarand | 1 year ago

The MD5 part of the SQLi is added by the pentester, likely because they needed a call that would end in a parenthesis within the injection parameter.

tomsmeding | 1 year ago

There is already a call to MD5 in the original query; see the first image in the article, which they apparently obtained by submitting ' as the username: https://images.spr.so/cdn-cgi/imagedelivery/j42No7y-dcokJuNg...

jerf | 1 year ago

Yup, and there we can see the password is just splatted in with no salt. 99%+ the password is an injection attack too, but one only needs one set of the keys to the kingdom to make the point, so the article never discusses getting in via password instead and the author may well never have checked, because it couldn't make things any worse.

0x0 | 1 year ago

The screenshot in the article shows MD5() is returned as part of the error message from the web server, so it is probably also a part of the original server-side query.
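Added example, not part of any comment above and not the article's code: a constructed SQLite login that concatenates input around an in-query `MD5()` call, as the thread describes, next to a parameterized check against a salted hash. Table names, function names, the sample account and the use of PBKDF2 are assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

def md5_hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def kdf(password, salt):
    # Salted, slow hash computed in the application, never inside the SQL text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def make_db():
    # Constructed sample data: one account stored both ways for comparison.
    db = sqlite3.connect(":memory:")
    db.create_function("MD5", 1, md5_hex)  # SQLite has no built-in MD5()
    db.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
    db.execute("INSERT INTO legacy_users VALUES (?, ?)",
               ("alice", md5_hex("correct horse")))
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, kdf("correct horse", salt)))
    return db

def login_concatenated(db, username, password):
    # Weak pattern: both fields are spliced into the statement, and the
    # password is hashed unsalted by an MD5() call inside the query.
    sql = ("SELECT username FROM legacy_users WHERE username = '" + username +
           "' AND password = MD5('" + password + "')")
    try:
        return db.execute(sql).fetchone() is not None, None
    except sqlite3.Error as exc:
        # A verbose error page that echoes this reveals the query, MD5() included.
        return False, f"{exc} in: {sql}"

def login_parameterized(db, username, password):
    # Input is bound as data, so a quote character cannot change the statement.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(kdf(password, row[0]), row[1])

if __name__ == "__main__":
    db = make_db()
    for field in ("username", "password"):
        args = {"username": "alice", "password": "x", field: "'"}
        print(field, "->", login_concatenated(db, **args)[1])
        print(field, "->", login_parameterized(db, **args))
```

Run as a script, it shows that a lone `'` in either field breaks the concatenated statement, while the parameterized version simply rejects the login.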