
Thread: Creating_A_Vulnerable_Webapp

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    31

    Creating_A_Vulnerable_Webapp

    Hi All,

    I'm working with the book Metasploit The Penetration Testers Guide, and I'm trying to follow the instructions laid out here:
    http://www.offensive-security.com/me...nerable_Webapp

    I have spent days trying to get everything set up right. I'm running XP Pro Service Pack 2 (on VMware). IIS is on, MySQL server 2005 is installed as well as SQL Server Management Studio Express. I set up the vulnerable web server as described, I have followed all the steps, everything appears to be working. When I log into 192.168.58.130/Default.aspx I get the login screen with the metasploit background.

    According to the book, if I type in OR 1=1- in the username field, and anything in the password field the book says it should indicate a successful login. It does not.

    I get this error screen:

    HTML Code:
    Server Error in '/' Application.
    --------------------------------------------------------------------------------
    
    Login failed for user 'sa'. 
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 
    
    Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'sa'.
    
    Source Error: 
    
    
    Line 66: //cmd.Parameters.AddWithValue("@txtPassword", txtPassword.Text);
    Line 67: 
    Line 68: objConn.Open();
    Line 69: 
    Line 70: if (cmd.ExecuteScalar() != DBNull.Value)
     
    
    Source File: c:\Inetpub\wwwroot\Default.aspx.cs    Line: 68 

    This is followed by a stack trace.



    Does anyone have any idea what the heck is going on? Any ideas, at all?
    Thanks
    Will

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: Creating_A_Vulnerable_Webapp

    You have a password problem. It's the first line of the dialogue.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member
    Join Date
    Jun 2010
    Posts
    31

    Re: Creating_A_Vulnerable_Webapp

    I was under the impression that OR 1=1- was simple injection, and that whatever was entered in the password field did not matter. Oh well. Still stuck.

  4. #4
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: Creating_A_Vulnerable_Webapp

    Looks more like your problem is in the initial setup and has not all that much to do with what you enter into the password field.

    Try harder.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
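
Reading the error page from post #1 mechanically, as an added example that is not part of the original thread or the book: it pulls out the exception, the failing source line and the statement on that line, then reports which stage failed. The function names and category labels are hypothetical, and the sample text is the quoted error page with blank lines dropped.

```python
import re

# Constructed sample: the error page text quoted in post #1, blank lines dropped.
ERROR_PAGE = """\
Server Error in '/' Application.
Login failed for user 'sa'.
Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'sa'.
Source Error:
Line 66: //cmd.Parameters.AddWithValue("@txtPassword", txtPassword.Text);
Line 67:
Line 68: objConn.Open();
Line 69:
Line 70: if (cmd.ExecuteScalar() != DBNull.Value)
Source File: c:\\Inetpub\\wwwroot\\Default.aspx.cs    Line: 68
"""

def parse_error_page(text):
    """Extract the exception type, message, and the source statement that threw."""
    exc = re.search(r"Exception Details:\s*([\w.]+):\s*(.+)", text)
    src = re.search(r"Source File:\s*(.+?)\s+Line:\s*(\d+)", text)
    listing = {int(n): code.strip()
               for n, code in re.findall(r"^Line (\d+):[ \t]*(.*)$", text, re.M)}
    if not exc or not src:
        return None
    line_no = int(src.group(2))
    return {"type": exc.group(1), "message": exc.group(2).strip(),
            "file": src.group(1), "line": line_no,
            "statement": listing.get(line_no, "")}

def classify(info):
    """Say which stage failed: opening the connection or running the query."""
    if info is None:
        return "unparsed"
    stmt = info["statement"]
    if ".Open(" in stmt and info["message"].startswith("Login failed for user"):
        # SQL Server rejected the credentials in the app's connection string;
        # the query on the later ExecuteScalar line was never reached.
        return "db-connection-auth"
    if re.search(r"\.Execute(Scalar|Reader|NonQuery)\(", stmt):
        return "query-execution"
    return "other"

if __name__ == "__main__":
    info = parse_error_page(ERROR_PAGE)
    print(info["file"], info["line"], info["statement"], "->", classify(info))
```

For the page above this reports `db-connection-auth` at line 68, so the values typed into the login form were never evaluated by the database.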
