Yet another Basic 29 Thread

ollyb342
Member

Posts: 5
Location:
Joined: 10.10.08
Rank:
Guest
Posted on 06-12-11 19:32
Hey folks, first post on the forum!

I've been through all of the 'Basic Web Hacking' challenges (apart from 24.) without too much difficulty, but I'm absolutely stumped on 29.

I've tried what feels like every possible combination of XP**H In*******s I can think of, and no results have been yielded.
I've got the d***g parameter in the URL and the query that it shows me after my In*******s looks like it should be working.

Could anyone PM me some pointers on how to pwn this challenge please?

Thanks in advance.
RE: Yet another Basic 29 Thread

Arabian
Banned



Posts: 332
Location: inside you.
Joined: 22.09.10
Rank:
Apprentice
Posted on 06-12-11 21:04
DOHOHOHOHOHOHohohoho!!!

Search for how to dump table and you'll be on your way to GLORIOUS COMMUNIST FREEDOM!!!


G'bye y'all! I was an asshole, So korg banned me.
RE: Yet another Basic 29 Thread

ollyb342
Member

Posts: 5
Location:
Joined: 10.10.08
Rank:
Guest
Posted on 12-12-11 14:13
Hi again,

I eventually gave up on this one and worked my way through JavaScript, Realistic and Pen-Test instead.

Now I thought I'd return to this now I have my feet wet a little bit, and still have no clue why my inj***** XP*** is not returning the answer.

Any chance that I could PM someone to take a look at the XP*** I've been trying?
RE: Yet another Basic 29 Thread

Beat_Slayer
Member



Posts: 12
Location: In front of the computer
Joined: 15.01.12
Rank:
Monster
Posted on 07-02-12 15:30
Can anyone lead me to some info on this one?

I'm getting the quotes escaped, and I just can't bypass it. I don't want answers, only some paper so I can learn something to help me with this XPath injection.

Cheers

RE: Yet another Basic 29 Thread

Arabian
Banned



Posts: 332
Location: inside you.
Joined: 22.09.10
Rank:
Apprentice
Posted on 07-02-12 15:44
for the basics.



-> for what gets you to the answer

OWASP is nice, too.


G'bye y'all! I was an asshole, So korg banned me.

Edited by Arabian on 07-02-12 15:45
RE: Yet another Basic 29 Thread

dopeboimag1k
Member

Posts: 30
Location: the Internet
Joined: 01.05.11
Rank:
Moderate
Posted on 07-02-12 19:17
@Arabian, is having addslashes imposed upon the query supposed to be a part of the challenge? I can't figure out how to get around it.

"Everybody wants greatness but nobody wants to work for it."

"If it was easy, everybody would do it."
RE: Yet another Basic 29 Thread

Arabian
Banned



Posts: 332
Location: inside you.
Joined: 22.09.10
Rank:
Apprentice
Posted on 07-02-12 21:43
No it's not, and yes it's fucking up the challenge.


G'bye y'all! I was an asshole, So korg banned me.