Basic 16 - help with understanding the solution
Hi. I have solved this problem (perhaps by accident -.-) (if proof is wanted, I can PM you the code). However, I am still uncertain as to why only that particular format of the injection works. I understand that it has to do with comments, but why cannot other very similar forms of the injection work as well?
The site is often coded to take a specific answer because it is looking for what, I think, has been described by other senior members here as the "pure" or "simplest" form of any exploit - particularly in the basic challenges.
As you probably know, there is a great number of inputs that would work given a real scenario, but this is often not a real scenario.
Hope that answers the question!
Jim
freezard7734 wrote: Hi. I have solved this problem (perhaps by accident -.-) (if proof is wanted, I can PM you the code). However, I am still uncertain as to why only that particular format of the injection works. I understand that it has to do with comments, but why cannot other very similar forms of the injection work as well?
As a simple answer, and so you don't have to send PMs: you have a query for the login that takes your input and checks it to give you access or not.
Now the aim is to make the query always return true. If the query is "select * from users where password='something';" no comments will be needed, but if there is another condition added to that, like "select * from users where password='something' and ip='anotherthing';"
then even if your input returned true for the first part, it will return false along with the second half (the "ip thingy"), so your input must return true and comment out the second part without causing a syntax error in the query.
And why only a few injections may work in some cases (just as an example): simple input validation, maybe? For an age input it will validate whether it's a number or not, so if your injection has chars, not numbers, it may not work.
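The effect described in the post above, as an added example that is not part of the thread and is not the challenge's own code: a two-condition login query built by string concatenation next to the same query with bound parameters. The table layout, function names and sample values are constructed assumptions, and SQLite stands in for whatever database the challenge uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, ip TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret', '10.0.0.5')")
    return db

def login_concat(db, password, ip):
    # Vulnerable: input is pasted into the SQL text, so it can change
    # the structure of the query, not just the value being compared.
    query = ("SELECT name FROM users WHERE password='" + password
             + "' AND ip='" + ip + "'")
    return db.execute(query).fetchall()

def login_bound(db, password, ip):
    # Hardened: placeholders keep the input as data, so quotes and
    # comment markers inside it are compared literally.
    return db.execute(
        "SELECT name FROM users WHERE password=? AND ip=?", (password, ip)
    ).fetchall()

CLIENT_IP = "203.0.113.9"            # constructed; does not match the stored ip
TAUTOLOGY = "' OR '1'='1"            # always-true clause, no comment
TAUTOLOGY_COMMENT = "' OR 1=1 --"    # always-true clause, rest commented out

if __name__ == "__main__":
    db = make_db()
    for label, pw in [("tautology only", TAUTOLOGY),
                      ("tautology + comment", TAUTOLOGY_COMMENT)]:
        # AND binds tighter than OR, so without the comment the ip
        # condition still has to hold and the query returns no rows.
        print(label, "| concatenated:", login_concat(db, pw, CLIENT_IP),
              "| bound:", login_bound(db, pw, CLIENT_IP))
```

With the bound version, neither input matches any row, which is why parameterized queries are the standard fix for this class of bug.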
freezard7734 wrote: I'd think that it'd be more realistic if they were a little lenient on the syntax…
Yes it would, but that's where programming the challenge becomes more complex and requires more input verification. The "solution" then may not necessarily be a better or cleaner solution or even a valid solution, because there are many possibilities.
For example: if it were some regular expression that defines the solution, it may not exactly work given the real scenario - or in some cases, it may be a completely invalid solution.
The idea is to avoid "unnecessary complexity" in the Basic challenges, to just accept a single strict answer to demonstrate an idea.
Hope that answers the question!
Jim