basic 20

hey guys , i want some hints please i tried : adm****** UN*** A** SEL*** * FROM the replies is : You are on the right track, but this will not bypass the login. where is my mistake ?

You're over complicating things. You don't need to retrieve data, but simply make it overlook some. It is literally the most obvious SQL injection that you could think of.

thanqs a lot , it did work thanqs to ur advice

i tried different injections like mentioned in https://www.hellboundhackers.org/articles/read-article.php?article_id=862 so that the username or password will be ignored but it didn't worked…. any hint?

Login with the username and password it gives you, and since the input boxes are now gone, try and find somewhere else you can inject.

And it's NOT in the url.

try and find somewhere else you can inject. And it's NOT in the url.

That really helped!!

omega_tek wrote: [quote]try and find somewhere else you can inject. And it's NOT in the url.

That really helped!![/quote]

Hi all, this thread looks untouched for ages so apolgies, I have just joined. So ill try and say this without spoilers:

I have injected C******, and it says nice try. have done it from homepage and from after login but still to no prevail. Any other hints for me?

If you're logged in, and editing the c*****, it doesn't matter what page your doing it from, if it doesn't work after refreshing the page, then it's your injection that's wrong.

Think simple' or one and one, will never add up to two. thumbs up