Challange #8 Can someone shed some light!
I entered a random string in the password box and was taken to secure-area.php which had the SQL error. I looked up the source of the page hoping to find something useful and yes I found the 'sql_query'. Now the problem is how is the query we are supposed to enter help us. Because from what I notice the query only matches the password. Do we need to insert something into the database? I have been trying to do selects as of now. It hit me as I was typing this that I can insert something into the database as well.I'll try that and just in case it doesnt work..I would like someone to tell me what is going on.
markuphttp://www.hellboundhackers.org/challenges/basic8/secure-area.php?sql_query='Insert string'
I went through this page for a little help
markuphttp://www.securiteam.com/securityreviews/5DP0N1P76E.html
REgards,
NO no no!! Nothing like that!! You were in the right track until you said you you had to insert somethin in the datbase. So think like this, ok you want to find a password correct?! Guess so, it's the only textbox I see there with a label marked as "password"
So if you saw sql_query on the source of the error page, what do you think that means?!
well I'll give you a hint!!
hint Query the SQL database hint ;)
If you figure it out, congrats and go get your points :)
If not PM me for some more info ;)