Donate to us!
The important thing is not to stop questioning. - Albert Einstein
Wednesday, December 19, 2018
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 136
Guests Online: 134
Members Online: 2

Registered Members: 108681
Newest Member: obsidian1
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

basic 8

Qubyte
Member

Your avatar

Posts: 10
Location:
Joined: 28.02.18
Rank:
Moderate
Posted on 29-07-18 19:44
Hello! I'm not too bad with SQL, but this has me stumped. It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query"

I've tried a few queries, with the one that makes most sense to me being:

' OR S***** D****** * F**** db W**** uname='(guy's name)

I don't know how do spoilers properly, so I've starred some stuff out and changed the last bit. Hopefully someone who's fluent in SQL will know what I mean!

Am I on the right track? It seems to me I need to pull out Drake's password from the database.
Author

RE: basic 8

Huitzilopochtli
Member



Posts: 1606
Location:
Joined: 19.02.13
Rank:
God
Posted on 30-07-18 19:19
It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query"

That's because it IS looking for a single specific query, maybe you should check the source code as there might be something in there that can help you with where the injection point in this challenge actually is.

It seems to me I need to pull out Drake's password from the database.

You don't need to pull anything out man, the challenge gives you everything you'll need to pass it. you just need to put it together, in the correct place.


.