Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

basic 20


chartira's Avatar
Member
0 0

hey guys , i want some hints please i tried : adm****** UN*** A** SEL*** * FROM the replies is : You are on the right track, but this will not bypass the login. where is my mistake ?


tnk04's Avatar
Member
0 0

You're over complicating things. You don't need to retrieve data, but simply make it overlook some. It is literally the most obvious SQL injection that you could think of.


chartira's Avatar
Member
0 0

thanqs a lot , it did work thanqs to ur advice


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12

Login with the username and password it gives you, and since the input boxes are now gone, try and find somewhere else you can inject.

And it's NOT in the url.


omega_tek's Avatar
Member
0 0

try and find somewhere else you can inject. And it's NOT in the url.

That really helped!!


splext's Avatar
Member
0 0

omega_tek wrote: [quote]try and find somewhere else you can inject. And it's NOT in the url.

That really helped!![/quote]

Hi all, this thread looks untouched for ages so apolgies, I have just joined. So ill try and say this without spoilers:

I have injected C******, and it says nice try. have done it from homepage and from after login but still to no prevail. Any other hints for me?


Huitzilopochtli's Avatar
....
10 9

If you're logged in, and editing the c*****, it doesn't matter what page your doing it from, if it doesn't work after refreshing the page, then it's your injection that's wrong.

Think simple' or one and one, will never add up to two. thumbs up