tag:blogger.com,1999:blog-732257695511948254.post3416084475748372185..comments2022-11-09T05:58:31.969-08:00Comments on Nibble Security: One-Day KnowledgeClaudio Criscionehttp://www.blogger.com/profile/12202628660778574382noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-732257695511948254.post-15518272306739057912015-09-12T03:56:17.929-07:002015-09-12T03:56:17.929-07:00This comment has been removed by a blog administrator.سما احمدhttps://www.blogger.com/profile/15427149796352259395noreply@blogger.comtag:blogger.com,1999:blog-732257695511948254.post-27165453826444982802009-09-16T04:47:38.749-07:002009-09-16T04:47:38.749-07:00Nice to see you here!
The idea is to inject a fake...Nice to see you here!<br />The idea is to inject a fake option (e.g. –-fake) in order to get the usage screen which does not contain strings as “Error”, “login incorrect”, etc. In this case, the username matches the format as well as the “authenticate()” function does not return errors.<br /><br />Cheers,<br />LucaLuca Carettonihttps://www.blogger.com/profile/09957564681262364569noreply@blogger.comtag:blogger.com,1999:blog-732257695511948254.post-3801326048917860582009-09-15T09:47:23.117-07:002009-09-15T09:47:23.117-07:00Great work Luca!!
Now it makes sense, the '--...Great work Luca!! <br />Now it makes sense, the '--' in the username field is causing the command line tool to return with no errors right? I think posting the section of the code calling the command-line tool might provide more insight.Lavakumar Kuppanhttps://www.blogger.com/profile/13649160238198743851noreply@blogger.com