Follow us on Twitter!
Capitalism is an Island of wealth in a sea of poverty
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 29
Guests Online: 29
Members Online: 0

Registered Members: 82831
Newest Member: FL4SHC0D3R
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

basice web 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-09-06 09:47
do u need to use the UNION or UNION ALL command for this challenge?
Author

RE: basice web 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-09-06 09:54
don't know where you got those arguments from, but a simpler way to do this (and almost all SQL injections) is to type in arbitrary code, then look at the error message.

Look thoroughly at the error you get, and think of how you can use that, or modify it to your advantage. ie: to access something you're not supposed to. Ciao!


Author

RE: basice web 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-09-06 10:55
here are some things i tried:

[edited...]

am i close or anything?

Edited by on 01-09-06 23:58
Author

RE: basice web 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-09-06 14:50
carrico wrote:
?SELECT * FROM family_db


That is the query needed, but you need to find the variable name to put that query in.
Author

RE: basice web 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-09-06 15:11
please edit this posts

dont be so clear and dont write solutions




Author

RE: basice web 8


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-09-06 00:01
?SELECT * FROM family_db


That is the query needed, but you need to find the variable name to put that query in.


"varialbe name" meaning what goes in for the '*'?

Edited by on 02-09-06 00:06