Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Pen Testing 1


ghost's Avatar
0 0

I'm stuck at the SQL part of this challenge. Any injection I can think of (as well as any input at all in both fields) is just giving the message "Access denied for user 'www-data'@'localhost' (using password: NO)". Is this challenge working properly?


th3l05tpr0ph3tz's Avatar
Member
0 0

EDIT THIS FOR SPOILERS

also, yes its being buggy, the whole challenge is.


Mordak's Avatar
Evil Sorcerer
4,025 19

The challenge is working fine.


ghost's Avatar
0 0

Thanks Mordak, I must just be missing something. I'll keep on trying!


Mordak's Avatar
Evil Sorcerer
4,025 19

PM me if you need to.


th3l05tpr0ph3tz's Avatar
Member
0 0

may i PM with what im doing as well, because i keep getting error popups that say "you have already found this exploit" even though i haven't and it doesnt add points.


Mordak's Avatar
Evil Sorcerer
4,025 19

Sure PM me.


ghost's Avatar
0 0

I am also stuck at the sql part. Can I pm someone the injections i have tried?


Arabian's Avatar
Member
0 0

sure


Death_metal666's Avatar
Member
0 0

is this challenge down?? cuz i tried every sql injection and all the combination which i know. but still getting this error: > Access denied for user 'www-data'@'localhost' (using password: NO)


ghost's Avatar
0 0

Death_metal666 wrote: is this challenge down?? cuz i tried every sql injection and all the combination which i know. but still getting this error: [quote]Access denied for user 'www-data'@'localhost' (using password: NO)[/quote]

Someone Pmed me the same question not too long ago. I will resend it to you.


Death_metal666's Avatar
Member
0 0

challenge is up … yippee solved thanks to molested … thank you


th3l05tpr0ph3tz's Avatar
Member
0 0

maybe im doing something wrong, i still get "Access denied for user 'www-data'@'localhost' (using password: NO)"


ghost's Avatar
0 0

Is this challenge still working as supposed? I am not able to log in using the given account and password. Could someone confirm it is broken?


ghost's Avatar
0 0

i got the sql injection pretty easily man just act like a bad parent and beat it to death :D


nopcron's Avatar
Member
0 0

I suppose this one might be broken. There is no way I manage to get the SQL related one and the session related one (not sure if I am trying the right thing here) but there's no doubt about the SQL part.


Euforia33's Avatar
philalethes
0 0

The SQL related exploit is not currently working but the exploit for the session still works.


korg's Avatar
Admin from hell
0 0

The SQL page is working, Just tried it. The exploit was changed from the original.


ChioDoS's Avatar
Member
0 0

Worked for me. :)


synstealth's Avatar
PHP WARRIOR
2,490 1

im 30 points shy of the 350 points completion of this pent1 challenge, however I have attempted using the injection in the admin page and it does nothing.. a flicker here then the page reloads and acts like nothing happened. I have attempted several types of injections. no success and im starting to wonder if this is buggy or am I injecting it wrong.. you know the famous 'or 1=1– string doesnt even work tho. any pointer/hints?


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12

It's not a bug, it's just a different injection. :P