Basic 8

I've been working on this one for a while now, read all of the articles written about it. I guess I should cover what I already know. This sql injection is done by returning a key-value through the url in the secure area. I guess I'm just a noob to the sytax but I've been trying to teach myself via online articles and they're mostly about writing the webpages, not returning key-values from the DB through the url. Anyhow here is the most recent thing I've tried.

secure-area.php?sql_query(username = 'Drake' & password=@password)

Any help at all would be appreciated.

~panda

bluntrllnpanda wrote: secure-area.php?sql_query(username = 'Drake' & password=@password)

That isn't how you send data with GET. See: http://www.htmlcodetutorial.com/forms/_FORM_METHOD_GET.html

Also, you need to send a valid SQL query.

so does sql_query = get?

and how close is secure-area.php?get Username = Drake ?

bluntrllnpanda wrote: so does sql_query = get?

and how close is secure-area.php?get Username = Drake ?

Close, but think in terms of literal SQL queries. Obviously your answer is going to be php?sql_query=XXXXXXX

think SELECT * FROM etc.

Use an actual query to solve the problem.

Arabian wrote: Obviously your answer is going to be php?sql_query=XXXXXXX

think SELECT * FROM etc.

Use an actual query to solve the problem. Spoiler?

btw… quick question. Why wont it work with lower-case? I thought capitalization really didn't matter.

HacKid wrote: [quote]Arabian wrote: Obviously your answer is going to be php?sql_query=XXXXXXX

think SELECT * FROM etc.

Use an actual query to solve the problem. Spoiler?

btw… quick question. Why wont it work with lower-case? I thought capitalization really didn't matter.[/quote]

I think it is because this challenge is a simulation of an sql injection and they didn't bother to test for upper and lower case.

Thank you guys so much!! I've spent so many hours on this thing and I just got it. I tried sql queries using select many times with no luck just missed a crucial step. Thanks again!!