Hosting Provided By

webgoat breaking

From: Indian Tiger <indiantiger(at)mailandnews.com>
Date: Sat Feb 23 2002 - 02:24:43 EST

hi all,

i m trying to break the webgoat challenge. But i m not able to break the user authentication. I tried to break user authentication using all possible SQL Injections, but it couldnt work out. I need help on this topic. what i should try to break this user authentication. i have gone thru its code ,it is written in the java & i did not find any Sql query used for cheking username & password, so is there any way to break this user authentication scheme ?

I m looking for the material on SERVER SIDE INCLUDES VULNAREBILITIES. i got the information that some sites are vulnarable to Server Side Includes but i dont know how i can use SSI to test vulnarability of the sites. SSL includes can be helpfull in webgoat also.Any help on this topic will be highly appreciated.

Thanking You.
Sincerely,

Indian Tiger, CISSP Received on Wed Mar 26 02:29:21 2003

This message: [ Message body ]
Next message: Jeff Williams (at) Aspect: "Re: webgoat breaking"
Previous message: Noam Eppel: "Secure code review methodology"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:49 EDT