
BASIC 18 Y


RDXLOL's Avatar
Member
0 0

I have been trying to figure out the characters turn by turn but they don't seem to work. I have been using this as my query: id=1' and (SELECT SUBSTRING("SELECT DATABASE()",1,1)>' A'); – which is true for any word, but I don't know why I keep getting invalid article again and again. Please, someone clarify this for me…


Huitzilopochtli's Avatar
....
10 9

The challenge hints at being based on blind SQL injection, but it clearly isn't, as there are noticeable changes on the page.

The "Invalid article" message confirms when an injection fails in the exact same way the appearance of an SQL error message would.

This means you can approach it like any normal error-based SQL injection, without the need for any true or false statements, or time delays.

All that's required of you here is to get the number of columns and the table name; putting them together will be enough to earn you the points. It's really that simple.

PS: Your injection would always fail because: > 'A' should be = 'A'
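The point above, that a generic "Invalid article" page carries the same signal as a visible SQL error, is shown from the defender's side in this added example, which is not part of any post in the thread or of the challenge's code. It assumes a hypothetical `posts` table in an in-memory SQLite database and compares a concatenated query with a validated, parameterized one.

```python
import sqlite3

INPUTS = ["1", "1'", "1 AND 1=1", "1 AND 1=2"]  # constructed sample requests

def make_db():
    # Constructed data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO posts VALUES (1, 'First post')")
    return db

def render_vulnerable(db, raw_id):
    # Input is concatenated into the statement. SQL errors are swallowed and
    # reported with the same generic message as a missing row.
    try:
        row = db.execute("SELECT title FROM posts WHERE id = " + raw_id).fetchone()
    except sqlite3.Error:
        row = None
    return row[0] if row else "Invalid article"

def render_hardened(db, raw_id):
    # Reject anything that is not a plain ASCII integer, then bind it as a
    # parameter so the value is never parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit()):
        return "Invalid article"
    row = db.execute("SELECT title FROM posts WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else "Invalid article"

def responses(render):
    db = make_db()
    return {raw_id: render(db, raw_id) for raw_id in INPUTS}

def leaks_condition(render):
    # True when two requests that differ only in an appended condition get
    # different pages, i.e. the page content reflects attacker-chosen logic.
    r = responses(render)
    return r["1 AND 1=1"] != r["1 AND 1=2"]

if __name__ == "__main__":
    for name, render in [("vulnerable", render_vulnerable), ("hardened", render_hardened)]:
        print(name, responses(render), "leaks:", leaks_condition(render))
```

Hiding the database error text changes nothing for the concatenated version, because the page still differs between the two conditions; only keeping input out of the SQL parser removes the signal.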


RDXLOL's Avatar
Member
0 0

OK, I seem to understand what you are saying, but why does it have to be ='A'? I tried typing the same command in MySQL, and since the name of the database starts with a letter it will always be <'A'. On my PC it always gives 1 as output, which means it's true, so 1 and 1 should be true? Please clarify… EDIT: Should I use the ASCII value for comparison rather than characters?


rex_mundi's Avatar
☆ Lucifer ☆
3,050 6

Ah if it works locally then ignore what I said, as I'm probably wrong and you're right.

None of that is needed for the challenge though.


RDXLOL's Avatar
Member
0 0

So is it like the site has blocked this way of injection? And I just wanted to know how I am supposed to find the name of the table. I have cleared this level but just guessed that the table name is Ar******. So I just wanted to know a proper way…


Huitzilopochtli's Avatar
....
10 9

What this challenge is meant to show you is that you don't have to rely on seeing the SQL error messages in order to exploit the vulnerability.

In a real blind scenario, even though you'll have access to the information_schema, it is often much easier and quicker to guess the names of the tables and columns, rather than running an automated attack and spamming the target site's logs.

Guessing the table name IS the proper way to pass the challenge.