Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Basic 29

ghost

0 0

12 years ago

so, i can log in as all three users, but i dont really understand how i'm supposed to find the 'answer'

starofale

Member

0 0

12 years ago

I suspect you're trying a standard SQL-style injection. I know that there are some injections that only show you part of the database. If you dump the whole database the answer is pretty obvious.

From the HBHBot:

Read up on XPath and how XML works. Also, check the source. You need to work out what the injection should be specifically for this challenge - you can't use a generic one.

ghost

0 0

12 years ago

I'm trying to put //* into my query to dump everything, still no luck..

Not sure if that was a spoiler <.< if it is, I'll remove it.

ghost

0 0

12 years ago

Nevermind, I got it :D

Do you like cookies? 🍪 We use cookies to ensure you get the best experience on our website. Learn more

Basic 29

Uh oh. Looks like your using an ad blocker.

ghost

starofale

ghost

ghost