Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic 3


The-Scarecrow's Avatar
Member
755 19

I think it’s broken.

Hear me out. Use the cookie editor to change the username to a base 2 system. Reload the page for the next section. But nothing happens it just re-writes the cookie.

I’m thinking its writing it before reading it.

Also I couldn’t find a user who has completed the challenge.

edit: Issue submitted.


Ce1tic13h0y's Avatar
Member
2,340 30
  • @ this point in time : SAME HERE.

the refresh resets the THING, you know the THING, Cmon, man.


scallywag's Avatar
130 2

I am having issues with the SQL Injection bit. I assume it should be sth like ’ OR 1=1 but unfortunately this only sends me back to step 1


Mordak's Avatar
Evil Sorcerer
4,025 19

Basic 3 is working correctly currently and your on the right track with your SQL injection. Have you forgotten about the cookies ?


scallywag's Avatar
130 2

yes, i altered the cookies, my sql injection just doesn’t work


Ce1tic13h0y's Avatar
Member
2,340 30

Well if the cookie is correct, then youll be presented with the sql login. if not then you go back to first page, are you sure the cookie gets set? you’ll know if cookie is set correctly, the page will tell you.


wand3rlust's Avatar
1,595 1

tweaked the cookie correctly and got to the sql part. tried the default sql inject, complete with “–,” but it doesn’t let me in. confirmed cookie was still altered when trying the sql inject, and it was (also tried changing it back, which didn’t help). help appreciated.


Mordak's Avatar
Evil Sorcerer
4,025 19

Drop us PM with more details and I can provide some hints.


Mordak's Avatar
Evil Sorcerer
4,025 19

I spoke with @wand3rlust via PM and can confirm that the challenge is online and working correctly. As another hint for anyone else don’t make the SQL too complex.


wand3rlust's Avatar
1,595 1

yes, thanks, @mordak. i had been using the most common syntax for the sql inject (the kind you’d find on an sql injection tshirt :), but this challenge uses an equally simple but different syntax for the inject.


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12

I’ve been trying to redo all of the challenges on a mobile device as  that’s how most of us access the internet nowadays, but this bastard is really busting my fucking chops