basic 21, my sql code should extract the password

I can extract the username, so it is printed out in an error message. When I replace the name of the username column, with the name of the password column, it doesnt error. Which it should have, just like when the username got printed out.

Got any hints for me? :)

the paper that is essential to completing this mission has been moved/retitled: http://www.nccgroup.com/Libraries/Document_Downloads/Advanced_SQL_Injection_in_SQL_Server_Applications.sflb.ashx.

This mission was probably the best and most educational one I've done so far out the basic challenges. Thanks to whoever coded it.

the script you used to find the username is similar but not the same as the one you need for the password. Examine the whitepaper closely because if you found the username then your not too far off from the password.

Good luck

p.s. it's not too hard so don't look into it too much

C4741ysT wrote: the paper that is essential to completing this mission has been moved/retitled: http://www.nccgroup.com/Libraries/Document_Downloads/Advanced_SQL_Injection_in_SQL_Server_Applications.sflb.ashx.

This mission was probably the best and most educational one I've done so far out the basic challenges. Thanks to whoever coded it.

The paper has been moved again. Anyone know where it has gone?

https://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdf

i met this problem too, can anyone help?

Read the pdf again, everything you need to complete this one is in there.

i'm stuck on this chall. i tried to use all sql injection i know and read this paper. so i can't create a error "convert". anyone who give me any hint or any document about it. PS:/ i searched google about Error Based SQL Injection!!! (Stuck!!!!)

The link posted by rex_mundi contains everything you need to solve this challenge. look a few posts above yours thumbs up

Top Tip: If you're copying and pasting it direct from the pdf, and you don't get the error message it tells you in the whitepaper, it doesn't mean the injection is wrong, or has suddenly stopped working, it means you need to learn how to copy and paste better.

True story bro. thumbs up

The PDF y’all keep referring to has something up with it: https://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdf As I have no idea what's in the PDF, I don't really know what to search for. I rather not use a corrupted site.

Can any of you tell me the topic I'd need to research to understand? I've been reading through the SQL wiki: https://en.wikipedia.org/wiki/SQL_injection

There's nothing wrong with the pdf file, the site just has certificate issues so it's hardly an instant death sentence if you visit it, or download the pdf.

Since it's not the only copy on the entire internet, Googling the link or the pdf name, would have taken you straight here: https://crypto.stanford.edu/cs155/papers/sql_injection.pdf