Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

basic 8


Qubyte's Avatar
Member
0 0

Hello! I'm not too bad with SQL, but this has me stumped. It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query"

I've tried a few queries, with the one that makes most sense to me being:

' OR S***** D****** * F**** db W**** uname='(guy's name)

I don't know how do spoilers properly, so I've starred some stuff out and changed the last bit. Hopefully someone who's fluent in SQL will know what I mean!

Am I on the right track? It seems to me I need to pull out Drake's password from the database.


Huitzilopochtli's Avatar
....
10 9

It seems like it's looking for a specific SQL query because the error message in the "you failed" page says "Wrong SQL query" That's because it IS looking for a single specific query, maybe you should check the source code as there might be something in there that can help you with where the injection point in this challenge actually is.

It seems to me I need to pull out Drake's password from the database. You don't need to pull anything out man, the challenge gives you everything you'll need to pass it. you just need to put it together, in the correct place.