I have been trying to figure out the character turn by turn but they dont seem to work.
I have been using this as my query id=1' and (SELECT SUBSTRING("SELECT DATABASE()",1,1)>' A'); -- which is true for any word but idk y i keep getting invalid article again and again?? Pls some just clarify me out......
Ok I seem to understand what are you saying but why it has to be ='A' i tried typing the same command in mysql and sicnce the name of database starts with a letter it will always be <'A' . In my pc it always giives 1 as ouptut which means its true so 1 and 1 shd be true?? Pleaze clarify it out....
EDIT: Shd I use the ascii value for comparison rather then 'characters?'?
So is it like the site has blocked this way of injection?? and I just wanted to know then how am i supposed to find the name of the table?? I have clleared this level but just guessed that table name is Ar******. So just wanted to know a proper way....
What this challenge is meant to show you, is that you don't have to rely on seeing the sql error messsges in order to exploit the vulnerability.
In a real blind scenario, even though you'll have access to the information_schema, it is often much easier and quicker to guess the names of the tables and columns, rather than running an automated attack and spamming the target sites logs.
Guessing the table name IS the proper way to pass the challenge.
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.