Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic 29

ghost

0 0

13 years ago

so, i can log in as all three users, but i dont really understand how i'm supposed to find the 'answer'

starofale

Member

0 0

13 years ago

I suspect you're trying a standard SQL-style injection. I know that there are some injections that only show you part of the database. If you dump the whole database the answer is pretty obvious.

From the HBHBot:

Read up on XPath and how XML works. Also, check the source. You need to work out what the injection should be specifically for this challenge - you can't use a generic one.

ghost

0 0

13 years ago

I'm trying to put //* into my query to dump everything, still no luck..

Not sure if that was a spoiler <.< if it is, I'll remove it.

ghost

0 0

13 years ago

Nevermind, I got it :D

Do you like cookies? 🍪 We use cookies to ensure you get the best experience on our website. Learn more

Basic 29

Uh oh. Looks like your using an ad blocker.

ghost

starofale

ghost

ghost