Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Yet another Basic 29 Thread


ollyb342's Avatar
Member
0 0

Hey folks, first post on the forum!

I've been through all of the 'Basic Web Hacking' challenges (apart from 24.) without too much difficulty, but I'm absolutely stumped on 29.

I've tried what feels like every possible combination of XP**H Ins I can think of, and no results have been yielded. I've got the dg parameter in the URL and the query that it shows me after my In***s looks like it should be working.

Could anyone PM me some pointers on how to pwn this challenge please?

Thanks in advance.


Arabian's Avatar
Member
0 0

DOHOHOHOHOHOHohohoho!!!

Search for how to dump table and you'll be on your way to GLORIOUS COMMUNIST FREEDOM!!!


ollyb342's Avatar
Member
0 0

Hi again,

I eventually gave up on this one and worked my way through Javascript, Realistic and Pen-Test instead.

Now I thought I'd return to this now I have my feet wet a little bit, and still have no clue why my inj***** XP*** is not returning the answer..

Any chance that I could PM someone to take a look at the XP*** I've been trying?


Beat_Slayer's Avatar
Member
0 0

Anyone can lead me to some info on this one.

I'm getting the quotes escaped, and I just can't bypass it, I don't want answers, only some paper so I can learn something to help me with this xpath injection.

Cheers


dopeboimag1k's Avatar
Member
0 0

@Arabian is having the addslashes being imposed upon the query supposed to be a part of the challenge? I can't figure out how to get around it.


Arabian's Avatar
Member
0 0

No it's not, and yes it's fucking up the challenge.