What about Web Security?
Do you think you can tackle simple CTFs with your current knowledge?
No? What a shame! :-(
But don’t worry, we’ve got what you need. This is the first class offered by ZenHack: Web Security, Part 1.
Imagine you have this SQL Command in a PHP script:
$con->query("SELECT * FROM users WHERE username='$user' AND password='$pass'”);
$pass are parameters directly passed to the query.
Well…. what about
LOL' -- -?
SELECT * FROM users WHERE username='LOL' -- -' AND password='anything'
-- is the comment syntax in SQL, so I need another char after the blank to trigger this trick (and avoid trimming).
Le jeux sont fait. This query returns every user stored on the DB.
Isn’t it so cute?
avalz also created a Virtual Machine (cyber-gym) which contains different exploitable web scripts. You can use them to practice aspects of Web Security. That was the core of the first class; you can find the related slides here!
Next one will cover Android Security!