Donate to us!
Your life is ending one minute at a time. If you were to die tomorrow, what would you do today?
Thursday, October 18, 2018
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 133
Guests Online: 132
Members Online: 1

Registered Members: 107218
Newest Member: tundoors
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

basic 8

Qubyte
Member

Your avatar

Posts: 10
Location:
Joined: 28.02.18
Rank:
Moderate
Posted on 29-07-18 19:44
Hello! I'm not too bad with SQL, but this has me stumped. It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query"

I've tried a few queries, with the one that makes most sense to me being:

' OR S***** D****** * F**** db W**** uname='(guy's name)

I don't know how do spoilers properly, so I've starred some stuff out and changed the last bit. Hopefully someone who's fluent in SQL will know what I mean!

Am I on the right track? It seems to me I need to pull out Drake's password from the database.
Author

RE: basic 8

Huitzilopochtli
Member



Posts: 1599
Location:
Joined: 19.02.13
Rank:
God
Posted on 30-07-18 19:19
It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query"

That's because it IS looking for a single specific query, maybe you should check the source code as there might be something in there that can help you with where the injection point in this challenge actually is.

It seems to me I need to pull out Drake's password from the database.

You don't need to pull anything out man, the challenge gives you everything you'll need to pass it. you just need to put it together, in the correct place.


.