Basic 20

I give up.

:)

Don't think logically …….. think locally. ;)

Huitzilopochtli wrote: Don't think logically …….. think locally. ;)

Can you elaborate, what do you mean by locally?

Read this thread https://www.hellboundhackers.org/forum/basic_20-7-16805_0.html

rex_mundi wrote: Read this thread https://www.hellboundhackers.org/forum/basic_20-7-16805_0.html

I think I've read almost all of the threads posted in here about basic 20. Still, I have no idea what I'm doing. Well, I know what I'm supposed to do (I guess?). I just have no clue where to input it and at which line.

I couldn't find any other articles that can help me understand further. This one (https://www.hellboundhackers.org/articles/read-article.php?article_id=457) just confuses me.

I can see why that article would confuse a beginner, but the title alone should be enough to point you in the right direction from where to launch your attack.

As for the injection itself, it's not looking for anything complicated, you don't need to retrieve any data, or execute multiple queries, all that's needed is a basic sql injection, so basic in fact, you've already done it in a previous challenge, the only difference here is, the injection point isn't in a login form this time.

Okay, so, just to show you guys how dumb I am at this, I've PM'ed some you guys screenshot linking to what I did.

It wasn't that dumb, you're just over thinking it man, I sent you some pointers in my reply.

I did something in c****** and then it says "Nice try,but blalbalblabla".. I don't know what to do next..Can you show me the correct path??:o

Use an intercepting proxy (preferably burp). Intercept your request and send to to repeater. Start playing with the cookie. Win.

Tbh I don't remember the challenge, but as Huitzilopochtli said, the article's title gives you the answer. (Cookie poisoning/SQLi)