Basic 8 - SQL Injection error messages
So Ive gotten up to basic 8 by using google to learn whatever material the challenge description says the challenge is about. (Im planning on learning the material as I go with challenges, then I can return and do them all a few more times to really memorize the commands)
Anyway, Im trying to complete Basic 8 using the method shown in part 2 of this tutorial: http://bit.ly/9KVBj9 (requires membership to view forum post, you can find an extremely similar, if not identical, method here http://bit.ly/w0N3cx) Im not sure its the right way to do it, but based on the fact that I completed 7 using Part 1, plus what I got from the description of 8, Im assuming Part 2 is the method used. However, it doesnt seem to be working properly. I get an error when I add \' to the end of the URL, which would indicate that the webpage is vulnerable. (according to what I\'ve read) But when I try to \"order by 1\" I also get an error. I dont know if that means there are no columns, or what, but Im extremely confused. I thought maybe it had to do with the way my browser was executing it, and Ive tried on both Firefox and Chromium. I tried \"URL order by 1\" and \"URL order by 1–\" and Im getting an error on both of them. Im completely new on the subject, so maybe Ive just got something wrong, but from what Im understanding, theres no reason I should be getting an error from that.
Any help would be greatly appreciated!
This one basic challenge in its self is about grabbing database information using some code.
Im assuming you have used SQL injection on the main page from the documents you have read just use something simple it brings up the database your wanting to steal from.
I take it you have viewed your source and found something hidden. Go to that what does it say.
I want you to think about what you can do with that statement can you change it into a command perhaps? Now thats half that battle. Now its time to grab the database your wanting.
Now you have the command you need and the database you need to take from. Put it together and bam.
Just google SQL cheat sheets. They normally offer some kind of shortcut.
Ok, so after a couple more hours of work, and a lot of reading on Google, Ive learned I was really off base to start with. I read tons of articles, all of which had a slightly different method then others, and I got extremely confused. I spent hours trying things that kept not making sense in the situation, but I didnt know what else to try. I finally completed the challenge a few minutes ago, and I can not describe how happy I was to see that password page. I thank you SO very much for recommending the SQL cheat sheet page. Everything I read online wasnt teaching me at all. It was more along the lines of \"Do this, then this, then this, and youre done\" and they only worked in certain situations, and were trying to extract data that I already had. When I finally stopped trying to combine other things with the cheat sheet, and just used the code presented and what I knew, I got it on my first try. Im still a little confused as to what actually happened. Is the database that I drew from = the table? And is the variable I used = the column? I have a few other questions about the code that was used to accomplish this. I dont completely know how it worked, and I feel like I should. Is there anyone that I can PM to answer some questions about it? I cant ask them here without any spoilers.
P.S. I could not actually view the hint in the source code, and based on a previous forum post, I believe it is because I am running on Ubuntu. Any other users running Ubuntu may want to keep that in mind while doing this challenge. (Forum post is here http://bit.ly/NA0cCR, there is also a chance that I can view it, and just couldnt find it, but I searched for at least an hour cumulative, and if its anywhere near the login code, then Im positive its not showing up for me. I tried in both Firefox, and Chromium)
Hi, I\\\'m not sure if you solved it yet but i\\\'ll post this anyway. Yeah, I was stuck on this same challenge and getting very frustrated.
The idea is that you can use the $_GET variable… that blah.php?var=something. If you view the source code of the page containing the error and look for the comments, you will find this: sql_query. So here\\\'s a hint: blah.php?sql_query=
Remember the error you got when u entered in a password? It said \\\"SELECT * from…\\\"
If this is too much of a spoiler, then im sorry,.