Sam Bowne

Logic Flaw Demos

1. Password Change Form

You are logged in as wally

Username:
Old password:
New password:
Repeat new password:

Goal: Change 'admin' password

Solution

Remove oldpass parameter entirely to become admin.

2. Filtered Ping Form

Target:

Goal: perform 'ls'

Try These

google.com;ls
google.com|ls
google.com&ls
google.com\ls
google.com;;ls
google.com\;ls

3. Multiple Stages

Name:

Goal: purchase product with invalid credit card

Solution

Go as far as you can through the shopping process.

Note the URLs and find the pattern.

Manually proceed to last step. Deduce URL from pattern , insert address in URL query string.

4. Electric Shoe (10 pts. extra credit)

Shoe Administration Page

Goal: put your name on the shoe

5. Double Quotes

Reset the Database Before Using it

Name:
SSN:

Goal: display all names


Last modified: 12-14-16 6:19 am