The SecNews publishes it solution of the Pwnzilla contest which was organized in cooperation with the Piraeus University and called security researchers, security enthusiasts, but also anyone wishing to test their knowledge of system breaches through Web applications.
The admission is generally acknowledged had a particularly high degree of difficulty and it was not easy o localization of SQL Injection vulnerability using known tools and automated Tools. This did not prevent over 1000 researchers, individuals users but also security officers of banks, telecoms and companies to take an active part.
As we had says a previous article the Greek researcher penetration tester, Georgios Spanos announced to the editorial team of SecNews and to the University of Piraeus, step-by-step the most comprehensive solution of the challenge.
It is worth noting that last year George Spanos had found the solution of the first Pwnzilla, but later in relation to that of Evangelou Mouriki.
We publish the most comprehensive solution just as it sent us to us Mr. Spanos below:
In fact, the penetration tester has also created its own scripts to quickly control it and bypass any security measures that have been put into the code of the exposed application!
Apart from Mr. Georgios Spanos, who impressed everyone with his high level of knowledge, it is worth giving our congratulations to Department of Digital Systems of the University of Piraeusand specifically the Assistant Professor of the University. Piraeus, Mr. Christos Xenakis as a scientific officer of Pwnzilla but also the technical curator of the PhD candidate of the Department of Digital Systems,Anastassios Stassinopoulos who undertook the technical implementation of the exercise.
Finally, it should be remembered that great sponsors of the PwnZilla contest for 2015 were the hosting company Host1Plus, which offers the gift to the big winner but and the iGuRu website as a communications sponsor.
Soon, there will be new competitions that will highlight new talents in security of information systems and detection of weaknesses in real systems. Its management team SecNews tries in consultation with sponsors financial institutions and telecommunication providers who have expressed interest in conducting new tenders for new talent, to obtain the payment of corresponding prizes of Bug bounty that provide Companies abroad.
Stay, then coordinated for newer prizes for the prize.
Thank you all!