
Basic 8 please


ghost's Avatar

I viewed the source code and found ?xxx, and I tried: secure-area.php?xxx=SELECT password FROM family_db WHERE username=Drake

and I also tried:

secure-area.php?xxx=SELECT password FROM family_db WHERE username=*

but there's nothing. Can somebody help me?


mido's Avatar

I DID IT! It's really simple and I was in the wrong place…


ghost's Avatar

Your query is too complex


ghost's Avatar

After reading a suggestion in one of the articles on help for this section (URL was http://www.securiteam.com/securityreviews/5DP0N1P76E.html) I noticed a lot of stuff having to do with the SQL… however, I still have not gotten it. Somebody mentioned don't use secure-area.php, but if not that, I wouldn't know what to use, and the possibilities (the comment in source) came up as 404 errors. Everyone I've seen who has posted so far has something similar to what I have, and from reading that page at securiteam, I figured what I have would work… however, obviously, it does not. I guess you don't need the WHERE portion of the command, and that's where I get lost… if not using the WHERE, how is it that you would view the password from a certain user (Drake) or, at least, how would it know where to show you from the database? My command is here, but I have to assume with my history with URLs that the spaces converting to %20 won't negatively affect the outcome. I've got the secure-area.php part also at the beginning of this. ?_q*=S*T%20password%20F%20f*****_db%20where%20us**='Drake'

Help, as always, is MUCH appreciated.


ghost's Avatar

Hello! I can't solve this mission 8 SQL injection although I have tried a LOT! Would you help me? Give me the syntax or something? Please… I will at least learn something from it. I would appreciate it, I've been stuck in this mission for a while now…

regards..:ninja:


ghost's Avatar

You guys are overcomplicating it. Think simple, think blind. (Or am I thinking of something else, lol)