
Real 7


ghost

Hi! Help me… I'm trying to find the teachers' passwords (SQL injection): …nfo.php?action=name&&id=9999 UNION SELECT * FROM xxxxx or union select 0,0,0,0,0,0 from sxxxf (6 fields) or things like these… and I always get the same thing: "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM xxxx' at line 1"… Note, please: the error is at "FROM", where there couldn't be an error!… if it's classic SQL injection… or is this blind SQL?… Please give me the right direction or a hint about what to do… I'm stuck on an easy step…


ghost

jee

it's not that "complicated".

think about it a bit.

action=NAME&id=blah

hmm…NAME… what if you type… sth else?


ghost

this reals a bitch


ghost

I was just wondering: I get 'hbh_real.student' doesn't exist whenever I go to grades. Is this part of the challenge?


Mr_Cheese

No, this isn't part of the challenge. I'll look into the problem and see if I can get it solved.


ghost

Bleh, I got a double post :D Edited it!!! Thanks Mr_Cheese!


ghost

Could you also check the contacts script? I know I have to be persistent, but this is ridiculous. It's driving me mad. I tried over 300 possibilities, surely.


ghost

I tried to inject "name", but I get "Unknown column 'NAMEHKJ' in 'field list'"… quotes are filtered… on "union" I get "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM STAFF–, name FROM staff WHERE id = 11' at line 1"… I don't know…


ghost

If you're talking about getting the staff's passwords, you shouldn't inject "name"; you don't want their name, you want their .. ;)


ghost

god wrote: If you're talking about getting the staff's passwords, you shouldn't inject "name"; you don't want their name, you want their .. ;)

Ohhh… thank you very much… I try this… but I'm so inattentive =))
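
Added example (not part of the thread, and not the challenge site's code): the errors quoted above show the `action` value landing in the query's column list and the database's error text being returned to the visitor. This sketch closes both with an allowlist for the column, a bound parameter for the id, and generic error responses; it uses Python's sqlite3 as a stand-in for the PHP/MySQL page, and the table layout, column names and sample row are constructed.

```python
import re
import sqlite3

# Fields a visitor may request through `action` (constructed names).
ALLOWED_COLUMNS = {"name": "name", "email": "email"}
ID_RE = re.compile(r"[0-9]{1,9}")


def build_db():
    """In-memory stand-in for the staff table, with one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (id INTEGER PRIMARY KEY, name TEXT, "
               "email TEXT, secret TEXT)")
    db.execute("INSERT INTO staff VALUES (?, ?, ?, ?)",
               (11, "A. Teacher", "teacher@example.test", "not-for-visitors"))
    return db


def lookup(db, action, raw_id):
    """Return one allowlisted field of one staff row, or None if no row."""
    # Column names cannot be bound as parameters, so the identifier is taken
    # from a fixed map keyed by the request value, never from the request.
    column = ALLOWED_COLUMNS.get(action.lower())
    if column is None:
        raise ValueError("unsupported action")
    if not ID_RE.fullmatch(raw_id):
        raise ValueError("id must be a short decimal number")
    # The id is bound as a parameter even though it was validated above.
    row = db.execute(f"SELECT {column} FROM staff WHERE id = ?",
                     (int(raw_id),)).fetchone()
    return row[0] if row else None


def handle_request(db, params):
    """Map a request to (status, body) without echoing database errors."""
    try:
        value = lookup(db, params.get("action", ""), params.get("id", ""))
    except ValueError:
        return 400, "Bad request"
    except sqlite3.Error:
        return 500, "Internal error"  # details belong in the server log
    return (200, value) if value is not None else (404, "Not found")
```

With this shape, an unknown `action` never reaches the SQL text, so the "Unknown column" and syntax errors seen in the thread cannot be produced from the request.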


ghost

OK.. we're in the last part… need access to ./a****/… the admin-teacher login and pass don't work… contact.php gives us nothing… And as a matter of fact, .htaccess is a very bad file… we had trouble with it in another mission…