basic 8

Okay, I am sure that I am doing something wrong, but I am not sure what. I have gotten to injecting an sql query in the url box (http://www.hellboundhackers.org/challenges/basic8/secure-area.php?password=????) and I have tried: password=GET password, password=GET password FROM family_db, password=GET password FROM family_db WHERE password='a' or 1=1–, etc. Any hints? P.S. I have looked at whitepaper's sql injection tutorial and sam207's and I think that I understand the concept decently…

There's a hint in the source. And there is no GET command in sql.

stranac wrote: There's a hint in the source. And there is no GET command in sql. I know: <!– ?sql_query –>Wrong SQL query so when I type hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db and hit enter, I am submitting a query, right?

draegon wrote: I know: <!– ?sql_query –>Wrong SQL query so when I type hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db and hit enter, I am submitting a query, right?

Think about why there's a ? in that comment. You'll probably get it in a few tries once you figure that out.

isn't it because you need to put a ? after the php extension?

draegon wrote: isn't it because you need to put a ? after the php extension?

Ok, now combine that with the fact it says '?sql_query'. Really, just try and think about stuff logically.

so why doesn't "hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db" work?

I give up.

There's no point in helping someone if they aren't gonna pay attention to what you say.

draegon wrote: so why doesn't "hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db" work?

Do you understand how PHP GET variables work? Why are you trying to set the variable "password"?

Try learning how the different types of PHP variables work: http://www.w3schools.com/php/php_get.asp http://www.w3schools.com/php/php_post.asp

@stranac: well thanks for the help anyway, I'll keep looking…

stealth- wrote: [quote]draegon wrote: so why doesn't "hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db" work?

Do you understand how PHP GET variables work? Why are you trying to set the variable "password"?

Try learning how the different types of PHP variables work: http://www.w3schools.com/php/php_get.asp http://www.w3schools.com/php/php_post.asp[/quote] Thanks for the links… i was pretty confused before. I am still confused about how to inject SQL into the url bar with no get variables present, do I use a '?' after '.php' or not? I tried: hellboundhackers.org/challenges/basic/challenge8/secure-area.php?@@password hellboundhackers.org/challenges/basic/challenge8/secure-area.php @@password hellboundhackers.org/challenges/basic/challenge8/secure-area.php? SELECT password (does the added space do anything?) I now realize that I was utterly confused earlier, but remain confused now…

I'd like to avoid giving out too many spoilers here, so if you'd like you can PM me and I'll give you some more help.

I have problems with this challenge too.