Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.
Basic #8
i already beaten this mission. But not fully understand.
here is the piece of source from secure-area.php
<tr>
<td class='main-body'>
<center><h2 align='center'>Please Login</h2><BR>
<b>SQL Query Error:</b> SELECT * FROM family_db WHERE
password='sd' <br>Your
Password was not found in our database
</center>
<!--?sql_query-->Wrong SQL query</td>
</tr>
</table>```
I see there is no **<form>**, but how is it possible to inject in the URL?
how can you know the variable name (if ```markup<!--?sql_query-->Wrong SQL query</td>``` is not given) ?
how exactly you guys can say this: **$_GET['sql_query']; **?
Any hellp would be appreciated. :matey:
-------------------------------
That's a bit of a spoiler, you should edit your post.
I think I understand what you mean; there is no real variable. The challenge was made so it would check the URL to see if you have the right answer, the variable that you mentioned doesn't really exist. If it were a real SQL injection hole, you'd be right. But it's just an HBH challenge ;)