real 4 hint:... How to remove Ghost records...

I realize that most people stuck on how to… remove record of Ghost….

As Mr system_meltdown points out in his article http://www.hellboundhackers.org/articles/articlecomments.php?article_id=236:

Part four: Removing Ghost's record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we're trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Can you combine all… greens..!!! Q

I provide this because I believe that the specific command it is more a matter of luck… than knowledge… ;-)

I hope it helps!!

Thiseas wrote: I realize that most people stuck on how to… remove record of Ghost….

As Mr system_meltdown points out in his article http://www.hellboundhackers.org/articles/articlecomments.php?article_id=236: [quote]Part four: Removing Ghost's record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we're trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Can you combine all… greens..!!! Q

I provide this because I believe that the specific command it is more a matter of luck… than knowledge… ;-)

I hope it helps!!

[/quote]

finally got it :) thanks

Finally got it ! :) Don´t know what it was, but it helped ! :) thx man

wow. i must be brain dead because i'm still not getting it.

DeafCode wrote: wow. i must be brain dead because i'm still not getting it.

dude are you serious, everybody should get it after the first post… To make it even more clear, I will take those hints and put them together:

remove record of Ghost all.php?action=something&&id=someone

i get that part. i've tried a shit load of combinations of the two. it's obvios what "id=(something)" is i just can't get the other one. i've done pretty much every combination of "remove records of ghost" that is obvious. in fact two of each because i don't know if it requires quotes or not

EDIT: wow. i got it. Now i feel retarded.

^^ Haha I lol'd

I just finished this challenge, I'll admit I got stuck in a couple of places by not using uppercase when appropriate.

clone4 wrote:

remove record of Ghost all.php?action=something&&id=someone I tried evry possible combination i can think of but can't get it still…. can anyone bother to pm me the url line parameter to delete ghosts record.. I don't want to get stuck in it anymore.. This challenge has been pain for me.

sam207 wrote: I tried evry possible combination i can think of but can't get it still…. can anyone bother to pm me the url line parameter to delete ghosts record.. I don't want to get stuck in it anymore.. This challenge has been pain for me.

Begging for answers? Awww, shucks, game over for you.

spyware wrote: [quote]sam207 wrote: I tried evry possible combination i can think of but can't get it still…. can anyone bother to pm me the url line parameter to delete ghosts record.. I don't want to get stuck in it anymore.. This challenge has been pain for me.

Begging for answers? Awww, shucks, game over for you.[/quote] I feel its luck rather than knowledge to remove the ghost records.. so i don't want to get stuck over it..

sam207 wrote: I tried evry possible combination i can think of but can't get it still….

I suggest you think harder then. Try re-reading the thread, the answer will come to you.

xxSk1N_D33Pxx wrote: [quote]sam207 wrote: I tried evry possible combination i can think of but can't get it still….

I suggest you think harder then. Try re-reading the thread, the answer will come to you.[/quote] Yeah did it finally.. I was making some mistake with the first command; plural was what I was doing in records.

what was the point in telling us:

"I have done some research and I found out that earch_members.php?search=1 is injectable."?

i spent a while trying to inject it and got nowhere :angry: completed the challenge in the end though

I understood exactly what need to be injected to remove it, however is there a reason it only works when you are on a certain pages, for example if you are on the records page, it will work, if you are on the clear logs page, and you put in the exact same link in the url bar, it will not work.

I have the challenge completed, I am just trying to better understand url manipulation

It does work on logs page to, I just checked it. Maybe you didn't put the exact same thing in.

Thiseas wrote: I realize that most people stuck on how to… remove record of Ghost….

As Mr system_meltdown points out in his article http://www.hellboundhackers.org/articles/articlecomments.php?article_id=236: [quote]Part four: Removing Ghost's record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we're trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Can you combine all… greens..!!! Q

I provide this because I believe that the specific command it is more a matter of luck… than knowledge… ;-)

I hope it helps!!

[/quote]

Great One it helps me so much Thanks but can you tell me what kind of vulnerability is it?

Now, Now MoshBat. You know how excited these kids get when they figure a challenge out. Take it down a notch or two.

Locked.