Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Auth Bypass in ADOdb CVE-2021-3850 - 1261

sorcery Posted 2 Years Ago
  • phpPgAdmin is a PHP plugin for interacting with Postgres databases via PHP.
  • When a user logs in, the code verifies that the string begins and ends with a single quote. If it doesn't, the program does the quoting for you. No other verification is done on the input, though.
  • As a result, the verification allows more than one field to be added, which allows for directive injection. For instance, 'testinguser' host='1.3.3.7' would change the host.
  • Using this technique, we can change the host of the server. Why does this matter? We can trick the application into using our database for the login process! Since we know our password, this allows for a complete authentication bypass.
  • A fun authentication bypass, where the directive injection changes the location that is authenticated against.
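
A minimal model of the quoting check summarized above, next to a hardened version, as an added example (not code from ADOdb, phpPgAdmin or the original write-up). The parser is a simplified stand-in for Postgres connection-string parsing, and the names weak_quote, safe_quote and db.internal.example are assumptions made for illustration.

```python
import re

# Constructed input: the injection string quoted in the summary above.
PAGE_EXAMPLE = "'testinguser' host='1.3.3.7'"

def weak_quote(value):
    """The check as summarized: a value already wrapped in quotes is trusted as-is."""
    if len(value) >= 2 and value[0] == "'" and value[-1] == "'":
        return value
    return "'" + value + "'"

def safe_quote(value):
    """Always quote, escaping backslash and single quote (libpq conninfo escaping)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

# keyword = 'quoted value, \' and \\ escaped'   or   keyword = bareword
_PAIR = re.compile(r"\s*(\w+)\s*=\s*(?:'((?:[^'\\]|\\.)*)'|([^\s']+))")

def parse_conninfo(conninfo):
    """Simplified model of keyword/value parsing: a repeated keyword replaces
    the earlier value, which is what lets an injected host= win."""
    conninfo, params, pos = conninfo.strip(), {}, 0
    while pos < len(conninfo):
        m = _PAIR.match(conninfo, pos)
        if m is None:
            raise ValueError("malformed conninfo at offset %d" % pos)
        key, quoted, bare = m.groups()
        params[key] = bare if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
        pos = m.end()
    return params

def build_conninfo(user, quote, host="db.internal.example"):
    """host is the server the administrator configured (hypothetical name)."""
    return "host=" + quote(host) + " user=" + quote(user)

if __name__ == "__main__":
    for quote in (weak_quote, safe_quote):
        conninfo = build_conninfo(PAGE_EXAMPLE, quote)
        print(quote.__name__, "->", conninfo)
        print("   parsed:", parse_conninfo(conninfo))
```

With the hardened quoting the whole submitted string stays inside the user field, so the configured host is the one that gets used.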