Project 8x: Exploit Hackazon (20 pts.)

What You Need

Purpose

To practice exploiting a SQL injection.

Opening the Hackazon Page

In a Web browser, open this page:

http://hackazon.samsclass.info/

Click any product. Then add an apostrophe to the end of the URL, so you see a SQL error message, as shown below.
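Why the apostrophe triggers that error, and how the page code should handle it instead: the following is an added example, not part of the original project page and not Hackazon's own code. It uses Python's sqlite3 module with a constructed product table; the table, column and function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample catalogue; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [(1, "Widget"), (2, "Gadget")])
    return db

def lookup_concat(db, raw_id):
    """Vulnerable pattern: the URL value is pasted into the SQL text."""
    sql = "SELECT name FROM product WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Returning the database error to the client is what reveals the flaw.
        return "SQL error: " + str(exc)
    return row[0] if row else None

def lookup_param(db, raw_id):
    """Hardened pattern: validate the type, then bind the value."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None  # rendered as a generic "not found" page, no DB detail
    row = db.execute("SELECT name FROM product WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), "concat ->", lookup_concat(db, value))
        print(repr(value), "param  ->", lookup_param(db, value))
```

With the concatenated query the trailing apostrophe opens a string literal that never closes, so the parser fails and the error reaches the browser; with the bound parameter the same input never becomes part of the SQL text.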

Find the Admin Password Hash

Use any technique you like to exploit the server and find the admin's password hash, as shown below.

If you don't know how to start, see the References at the bottom of this page.

Turning In Your Project

Email the images to cnit.129s@gmail.com with a subject of "Project 8x from YOUR NAME".

References

Automated Audit using SQLMap

https://github.com/sqlmapproject/sqlmap/wiki/Usage


Last modified 2-24-18