BASIC 18 Y
I have been trying to figure out the characters turn by turn but they don't seem to work. I have been using this as my query: id=1' and (SELECT SUBSTRING("SELECT DATABASE()",1,1)>' A'); – which is true for any word, but I don't know why I keep getting invalid article again and again?? Please, someone just clarify this for me……
The challenge hints at being based on blind SQL injection, but it clearly isn't as there are noticeable changes on the page.
The "Invalid article" message confirms when an injection fails in the exact same way the appearance of an SQL error message would.
This means you can approach it like any normal error-based SQL injection, without the need for any true or false statements, or time delays.
All that's required of you here is to get the number of columns and the table name; putting them together will be enough to earn you the points. It's really that simple.
PS: Your injection would always fail because: > 'A' should be = 'A'
OK, I seem to understand what you are saying, but why does it have to be ='A'? I tried typing the same command in MySQL, and since the name of the database starts with a letter it will always be <'A'. On my PC it always gives 1 as output, which means it's true, so 1 and 1 should be true?? Please clarify it…. EDIT: Should I use the ASCII value for comparison rather than characters?
What this challenge is meant to show you is that you don't have to rely on seeing the SQL error messages in order to exploit the vulnerability.
In a real blind scenario, even though you'll have access to the information_schema, it is often much easier and quicker to guess the names of the tables and columns, rather than running an automated attack and spamming the target site's logs.
Guessing the table name IS the proper way to pass the challenge.