I give up.
Don't think logically …….. think locally. ;)
Huitzilopochtli wrote: Don't think logically …….. think locally. ;)
Can you elaborate, what do you mean by locally?
rex_mundi wrote: Read this thread https://www.hellboundhackers.org/forum/basic_20-7-16805_0.html
I think I've read almost all of the threads posted in here about basic 20. Still, I have no idea what I'm doing. Well, I know what I'm supposed to do (I guess?). I just have no clue where to input it and at which line.
I can see why that article would confuse a beginner, but the title alone should be enough to point you in the right direction from where to launch your attack.
As for the injection itself, it's not looking for anything complicated. You don't need to retrieve any data or execute multiple queries; all that's needed is a basic SQL injection, so basic in fact, you've already done it in a previous challenge. The only difference here is, the injection point isn't in a login form this time.
Okay, so, just to show you guys how dumb I am at this, I've PM'ed some of you guys a screenshot linking to what I did.
It wasn't that dumb, you're just overthinking it man, I sent you some pointers in my reply.
I did something in c****** and then it says "Nice try, but blalbalblabla".. I don't know what to do next.. Can you show me the correct path?? :o
Use an intercepting proxy (preferably Burp). Intercept your request and send it to Repeater. Start playing with the cookie. Win.
Tbh I don't remember the challenge, but as Huitzilopochtli said, the article's title gives you the answer. (Cookie poisoning/SQLi)