Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Realistic 9 SQL


C_K_A01's Avatar
Member
0 0

Hey guys,

normally I complete those in a few minutes but at the admin bypass in this challenge I think I'm stuck. I tried nearly all possible SQLI - Methods -> with numbers, without numbers, with chars etc. Every time the page only refreshes or a Message : "You are on the right track but stick to the mission." is shown. I tried somethng like '** '='


C_K_A01's Avatar
Member
0 0

I tried a lot of different ways. Is there a way to come logical to the solution of this part? If someone can give me a little hint (but not : try '** = …..) it would be great.


C_K_A01's Avatar
Member
0 0

I tried a lot of different ways. Is there a way to come logical to the solution of this part? If someone can give me a little hint (but not : try '** = …..) it would be great.


Huitzilopochtli's Avatar
....
10 9

Your injection needs to go in both fields of the login form. Dont use numbers. (and yes : try '** =–)