Follow us on Twitter!
Society leans ever heavily on computers, if you have the power to take out computers you can take out society. - cubeman372
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 24
Members Online: 1

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Challenges | Realistic

Author

Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 03:36
Hi!
Help me...
i try find pass teeachers(sql-inj):
...nfo.php?action=name&&id=9999 UNION SELECT * FROM xxxxx
or
union select 0,0,0,0,0,0 from sxxxf (fields 6)
or
like these...
and all the same i get:
"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM xxxx' at line 1"...
Note.please, error in "FROM",where that couldn't be error!...if it's classic sql-inj...or here blind sql?...
Give me right direction or hint what i do please...i'm stuck on easy moment...
Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 10:56
jee

it's not that "complicated".

thik about it a bit.

action=NAME&id=blah

hmm...NAME... what if you type... sth else?
Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 10:56
jee

it's not that "complicated".

thik about it a bit.

action=NAME&id=blah

hmm...NAME... what if you type... sth else?

edit(stupid double post when doing "back"Wink

Edited by on 14-04-06 10:57
Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 12:39
this reals a bitch


Author

RE: Down?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 14:08
I was just woundering i get 'hbh_real.student' doesnt exist whenever i go to grades. is this part of the challenge?
Author

RE: Real 7

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 14-04-06 14:13
no this isnt part of the challenge. i'll look into it the problem and see if i can get it solved.


http://www.hellboundhackers.org/
Author

RE: Down?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 14:40
bleh i got a double post Grin edited it!!!
Thanks Mr_cheese!

Edited by on 14-04-06 14:42
Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 22:50
could you also check contacts script? i know i have to be persistant, but this is riddiculus.it's driving me mad.i tried over 300 possabilities, surely.
Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-04-06 12:52
i try inject "name",but "Unknown column 'NAMEHKJ' in 'field list'"...quotes filtered...on "union" i get "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM STAFF--, name FROM staff WHERE id = 11' at line 1"...
i don't know...
Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-04-06 13:08
if you're talking about getting the staff's passwords, you shouldnt inject "name", you dont want their name, u want their .. Wink


Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-04-06 23:25
god wrote:
if you're talking about getting the staff's passwords, you shouldnt inject "name", you dont want their name, u want their .. Wink

Ohhh...very thanks...i try this...but i so inattentive=))
Author

RE: Real 7


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-04-06 01:49
ok..we in last part...need access in ./a****/...
login and pass admin-teacher doesn't work...
contact.php - give us nothing...
And as a matter of fact .htaccess - very bad file...we have trouble with him in other mission...