Another basic 8
Hagzor wrote: I've done this one before, and one at HTS, so I must at least have the standard knowledge to pass. I've re-read many different articles and went to w3schools and I know about the 'SELECT', 'FROM', 'WHERE' and '*'.
And I'm pretty sure that the query goes in the URL, but not how it does. I mean, is it in the blank URL? (That's what it did in the HTS one.) Or just behind what's already there, or do you add ?sql_query=" " after the .php?
That, I have no idea.
Edit: Bleh
This is basically the stage I'm at, but I do know the URL that seems to be the key. I've been looking through Google for like days now and yeah, I can only find the same pages. I've looked at that much I don't know what I'm looking for anymore. So any pages that people have found useful to them regarding this challenge would be most appreciated. Or just a PM with a push in the right direction.
;)
I just came to the first basic 8 I could find. I think I have what needs to be injected, I'm just unsure where it needs to be injected. In the password field? In the URL at basic8/index.php or at the URL at basic8/secure-area.php?
Also, if I could PM someone with what I have so I know it's correct, that would be great. Thanks for your help in advance.
EDIT: By the way, I've done this before but my points all got erased for some reason.
EDIT2: OK, I figured it out. The inject goes in the basic 8/secure-area.php. The way it worked for me is to forget anything about GET, it didn't work for me. Instead, focus on the VARIABLE and what to put into it.
I think that instead of looking for a certain string combination to be entered (I imagine the form actually uses a regular expression to validate the correct SQL injection code has been entered) the site should actually set up a dummy database.
Here's why… I have entered several combinations of SQL code that in real life would have authenticated me but do not here. NeWays, I will continue entering different variations until I get what it is that you are looking for.