Basic web hacking 5 :: asterix the wildcard
by Arxleol on Monday 09.11.2009, under hellboundhackers.org
Very interesting and easy. As we know asterix aka. * may be used as wildcard in the search box.
Introduction of theĀ challengeĀ is:
Welcome to Asterix-Protect
Asterix-Protect is an email search system that uses this new type of Asterix database to match your search and uses the same type of form like a login. And Asterix-Protect its a login system which also uses this advanced type Asterix database to match your username:password, this is a project that just started… If something is wrong or you have found a bug in our product, please contact us at problems@Asterix-Protect.org.
And therefore first thing you should do is to input * in the search box and search database.
Result should be something like this:
Error 2231:username=* and password=*We couldn’t match your search, please check your spelling or the email doesnt exist
So we know that user * has password * therefore we can now try to log in. Using obtained data, username form the introduction of the mission. Username should be *@* representing email of the person. And * represents password. Therefore, thing string for registration is:
*@*:*
Thursday 19.11.2009 on 20:22
great post as usual .. thanks .. you just gave me a few more ideas to play with