Donate to us via Paypal!
The important thing is not to stop questioning. - Albert Einstein
Saturday, May 08, 2021
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 174
Guests Online: 172
Members Online: 2

Registered Members: 136093
Newest Member: Risho
Latest Articles

View Thread

HellBound Hackers | Challenges | Basic

Author

basic 8

Qubyte
Member

Your avatar

Posts: 10
Location:
Joined: 28.02.18
Rank:
Mad User
Posted on 29-07-18 19:44
Hello! I'm not too bad with SQL, but this has me stumped. It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query"

I've tried a few queries, with the one that makes most sense to me being:

' OR S***** D****** * F**** db W**** uname='(guy's name)

I don't know how do spoilers properly, so I've starred some stuff out and changed the last bit. Hopefully someone who's fluent in SQL will know what I mean!

Am I on the right track? It seems to me I need to pull out Drake's password from the database.
Author

RE: basic 8

Huitzilopochtli
Member



Posts: 1645
Location:
Joined: 19.02.13
Rank:
God
Posted on 30-07-18 19:19
It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query"

That's because it IS looking for a single specific query, maybe you should check the source code as there might be something in there that can help you with where the injection point in this challenge actually is.

It seems to me I need to pull out Drake's password from the database.

You don't need to pull anything out man, the challenge gives you everything you'll need to pass it. you just need to put it together, in the correct place.


.