> It's not just SQL, either; I've used it to get XSS out of corrupted AES de... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		daeken on Nov 28, 2010 \| parent \| context \| favorite \| on: SQL injection with raw MD5 hashes > It's not just SQL, either; I've used it to get XSS out of corrupted AES decryptions as well. How would you go about such a thing? My initial thought is to simply permute over the controllable bytes and see what comes out, looking for specific characters that get you what you need, e.g. a quote to break out of an HTML attribute, but I think I might be missing an easier path.

tptacek on Nov 28, 2010 [–]

Nope, that's how you do it. In the case I'm thinking of, I only needed one character (but it needed to be the last byte).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact