Yet another Basic 29 Thread

Hey folks, first post on the forum!

I've been through all of the 'Basic Web Hacking' challenges (apart from 24.) without too much difficulty, but I'm absolutely stumped on 29.

I've tried what feels like every possible combination of XP**H Ins I can think of, and no results have been yielded. I've got the dg parameter in the URL and the query that it shows me after my In***s looks like it should be working.

Could anyone PM me some pointers on how to pwn this challenge please?

Thanks in advance.

DOHOHOHOHOHOHohohoho!!!

Search for how to dump table and you'll be on your way to GLORIOUS COMMUNIST FREEDOM!!!

Hi again,

I eventually gave up on this one and worked my way through Javascript, Realistic and Pen-Test instead.

Now I thought I'd return to this now I have my feet wet a little bit, and still have no clue why my inj***** XP*** is not returning the answer..

Any chance that I could PM someone to take a look at the XP*** I've been trying?

Anyone can lead me to some info on this one.

I'm getting the quotes escaped, and I just can't bypass it, I don't want answers, only some paper so I can learn something to help me with this xpath injection.

Cheers

for the basics.

-> for what gets you to the answer

OWASP is nice, too.

@Arabian is having the addslashes being imposed upon the query supposed to be a part of the challenge? I can't figure out how to get around it.

No it's not, and yes it's fucking up the challenge.