
Patch2 isn't working, spoilers.


ghost:

Possible Spoilers? I've tried the following:

7 (inject): $id = addslashes($_GET['id']);
7 (inject): $id = mysql_real_escape_string($_GET['id']);
7 (inject): if (ereg("1+$", $_GET['id'])) $id = $_GET['id'];
11 (xss): echo strip_tags($end);

No luck. It seems obvious that the problem is SQL Injection through $_GET['id']. I'm sure I'm getting it right but am just not entering the right string of text for whatever AI reads this stuff. Any suggestions?


  1. 0-9 
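An added example, not code from the HBH patch challenge or from anyone in this thread, showing why the three line-7 attempts quoted above behave as they do when `$_GET['id']` lands unquoted in the query, next to a digits-only check that rejects anything that is not a number. The `news` table, its `id` column, the query text and all function names are assumptions for illustration; the real challenge script is not on this page.

```php
<?php
// Added example, not code from the HBH patch challenge or from this thread.
// Table, column and function names are assumptions for illustration; the
// real challenge script is not on the page.

// Line 7 as the posters describe it: $_GET['id'] goes into the query
// unquoted, because id is expected to be a number.
function build_query_unsafe(string $id): string
{
    return "SELECT * FROM news WHERE id = $id";
}

// Attempt 1: escaping. With no quotes around $id there is nothing for the
// backslash to neutralise, so "1 OR 1=1" passes through unchanged.
// mysql_real_escape_string() behaves the same way for this input and also
// needs a live connection, so addslashes() stands in for both attempts.
function build_query_escaped(string $id): string
{
    return "SELECT * FROM news WHERE id = " . addslashes($id);
}

// Attempt 3: ereg("1+$", ...). That pattern only checks that the string ENDS
// in one or more '1' characters, so "1 OR 1=1" satisfies it. ereg() was
// removed in PHP 7, so preg_match() is used here with the same pattern.
function passes_posted_regex(string $id): bool
{
    return preg_match('/1+$/', $id) === 1;
}

// The fix: insist that the WHOLE value is digits (anchored at both ends;
// \z rather than $ so a trailing newline cannot sneak through), reject
// everything else, then cast so the SQL receives a plain integer.
// ctype_digit($id) is an equivalent built-in check.
function is_numeric_id(string $id): bool
{
    return preg_match('/\A[0-9]+\z/', $id) === 1;
}

function build_query_safe(string $id): ?string
{
    if (!is_numeric_id($id)) {
        return null;                               // refuse to build a query
    }
    return "SELECT * FROM news WHERE id = " . (int) $id;
}

// Constructed inputs: a normal id, the classic tautology, a quote-based
// payload, and a hex-looking string that a bare (int) cast would turn into 0.
$inputs = ['7', '1 OR 1=1', "1'; DROP TABLE news; -- 1", '0x31'];

foreach ($inputs as $in) {
    echo 'input: ', var_export($in, true), "\n";
    echo '  unsafe:        ', build_query_unsafe($in), "\n";
    echo '  addslashes:    ', build_query_escaped($in), "\n";
    echo '  ereg("1+$"):   ', passes_posted_regex($in) ? 'accepted' : 'rejected', "\n";
    echo '  \A[0-9]+\z:    ', build_query_safe($in) ?? 'REJECTED', "\n\n";
}
```

Run with `php example.php`: the tautology and the quote payload survive addslashes() untouched and are accepted by the posted regex (both end in a `1`), while only `'7'` makes it through the digits-only check. Casting with `(int)` alone would also stop the injection, but it silently turns `'1 OR 1=1'` into `1` rather than rejecting the request, which is why the check comes first.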


ghost:

I have a suggestion: they should make the patch challenges more flexible, trying to think of ALL the ways they COULD be fixed and accepting a multitude of answers. Most of them have an error that could be fixed on more than one line in several ways, and after trying tons of variations using different functions and tactics in different places, I decided I don't want the points anymore, as I got pissed off.


ghost:

Of all the sections on HellBound this is the most useful. I'm here for the defensive aspects, not the offensive :). That, and I'm a whore for points.

Maybe some admin could give me a tip wink wink.


korg (Admin from hell):

I agree. I've spent a lot of time on 2 & 3; I see where to patch them, but none of my answers will work. I even did a Google search and found almost the same script rewritten with addslashes! Pissing me off bad. I think they should be checked by admins, like logic, as there are different ways to patch.


ghost:

Nucleocide, you're definitely on the right track. The type of vuln is injection, but what kind? That being said, you have the wrong line, because you know the variable will be user-defined because of $_GET in the URL.


ghost:

cough str_replace cough gives hint cough


ghost:

Yes, addslashes is the way to go. You're close.


ghost:

lol yes, like sharpskater80 said, re-look at what line you are trying, then try the examples you said you have already tried. I just did it again to test it and it works :P


ghost:

I've just tried this one and it doesn't work. It tells me that str_replace isn't the most efficient way and to do something with numbers, wtf???


richohealey (Python Ninja):

It does have a list of acceptable answers that it compares to; admittedly it should be bigger….