Follow us on Twitter!
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 18
Members Online: 2

Registered Members: 82885
Newest Member: ConiBE
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-03-05 17:58
ok, i made the error so i know the table names... but my injection doesn't work

this is it:

SELECT password FROM family_db WHERE username='Drake'





Edited by on 14-03-05 21:25
Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-03-05 03:07
Try making your injection simpler, more broad.


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-03-05 21:25
ok this is what i've got:

sql_query= SELECT * FROM family_db WHERE username='Drake'


its still not working


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-03-05 01:04
OK, what you have, in my opinion should work (I've PMed Grind about it), but if you make it less specific of a query, it'll work. Lemme know if you need more help


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-03-05 01:34
yeah, i've done the same thing


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-03-05 13:54
I'm not sure how you would be able to make it less specific a query. Everything seems to be needed, but then again, i wasn't able to complete this level, so some of it probably isn't needed.


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-03-05 19:52
hint: make it as general as possible


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-03-05 21:51
Found at how to REALLY do it




Edited by on 05-05-05 20:32
Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-05-05 18:04
I know that in SQL is missin ' so I can add a variable to sql (probably AND Username='Drake'Wink, but what can I do with password=
The variable can't be set to anything because for this LIKE is needed.
Any hit?
Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-05-05 20:34
Hmm...well, the best hint i can give is, when you make a query, look at the source for hidden tags. Then, think about what that could mean. Not all injections have to be done through forms and text boxes.

If you have other questions and know what i'm talking about, don't give it away, just say you're query problems.


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-06-05 12:25
I cant inject it in the address bar and im using SELECT * FROM family_db WHERE Username='Drake' then im stuck anyhelp?


Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-06-05 12:40
you can inject SQL at addressbar if you have a bug infont of it, read sourcecode
Author

RE: basic 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-07-05 18:09
with the sql injection in the address bar can you have spaces in it. because i always though there could be none.