Welcome to HBH V2 ! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Basic 20


Huitzilopochtli's Avatar
....
0 8

Don't think logically …….. think locally. ;)


Blackbbbb6's Avatar
Member
0 0

Huitzilopochtli wrote: Don't think logically …….. think locally. ;)

Can you elaborate, what do you mean by locally?


Huitzilopochtli's Avatar
....
0 8

I can see why that article would confuse a beginner, but the title alone should be enough to point you in the right direction from where to launch your attack.

As for the injection itself, it's not looking for anything complicated, you don't need to retrieve any data, or execute multiple queries, all that's needed is a basic sql injection, so basic in fact, you've already done it in a previous challenge, the only difference here is, the injection point isn't in a login form this time.


Blackbbbb6's Avatar
Member
0 0

Okay, so, just to show you guys how dumb I am at this, I've PM'ed some you guys screenshot linking to what I did.


Huitzilopochtli's Avatar
....
0 8

It wasn't that dumb, you're just over thinking it man, I sent you some pointers in my reply.


SpitFire46's Avatar
Member
0 0

I did something in c****** and then it says "Nice try,but blalbalblabla".. I don't know what to do next..Can you show me the correct path??:o


gobzi's Avatar
Member
0 0

Use an intercepting proxy (preferably burp). Intercept your request and send to to repeater. Start playing with the cookie. Win.

Tbh I don't remember the challenge, but as Huitzilopochtli said, the article's title gives you the answer. (Cookie poisoning/SQLi)