
basic 8


ghost's Avatar

I think I'm close on this one:

In secure-area.php there must be a PHP script, something that takes info from the form on the previous page and compares the password with the one from the database; if it's correct, you are in.

It should be something like this (might be spoiling it a little):

$form = $_GET["form"];
$sql_query = "SELECT * FROM family_db WHERE username='Drake' AND password='$form'";

What I'm saying is: all you have to do is change the query variable.

At least, am I on the right track? Can I PM someone with what I have so far?

P.S. Everyone on this mission seems to start their post with: "all i have is SELECT * FROM family_db WHERE username='Drake' " like it's copy-pasted or something.


ghost's Avatar

Good idea, but you can't change the PHP of a website remotely. If it says "$form=$_GET['form']" then $form will always be what you enter for that box. Try to think of how the SQL query actually works.

Oh, and the actual SQL query it uses is visible on the error page; just find out how to change it.


ghost's Avatar

Yeah, I thought it would be like JavaScript injections; I wasn't aiming at the actual PHP source code.

I know I have to SELECT … and it should be in secure-area.php, since that's where the process takes place, and that it should be after the question mark. Any more tips on how to actually insert it?


ghost's Avatar

Look in the source for something that could be the name of an SQL query, if you haven't already. Then after the ? it's "name of query=query" (without the quotation marks). That should be more than enough to get you the password. If you need anything else you should use Google; it's not very helpful to just have people tell you what to do.


ghost's Avatar

This is what I have so far: …php?(name of query)=SEL…password=$_GET['(name of query)'] (replace (name of query) with you know what).

Now this isn't working and I can't think of why…


ghost's Avatar

Thanks man, just finished it (I can't believe I was making that stupid spelling mistake!@#$%^&*()

password=$_GET['(name of query)']

"name of query" is a PHP variable just because the man who made the script chose to name it so. It doesn't contain the password; it does, though, contain the query to be executed by the SQL server, and that's what we are aiming at. And if you look at your script: (name of query)=SEL…password=$_GET['(name of query)'] is actually (name of query)=SEL…password=$_GET['SEL…password=$_GET['(name of query)']'], which doesn't really make sense.

P.S. Not sure if what I'm saying is completely right :)


ghost's Avatar

I'm kinda pissed, haha, because I was on the right track at first but then someone told me that you didn't need something. But it's actually pretty easy, just try to think really simply, and if you're having trouble read some SQL tutorials and some basic ways you can extract information from a database.
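
The design flaw this thread circles around is a login page that lets the request carry the SQL text itself. The following is an added example, not part of the thread and not the mission's own code, putting that design beside a version where the statement is fixed on the server. The field name sql_query, the pw_hash column and all sample values are assumptions made for the demo; only the table name family_db comes from the thread.

```php
<?php
// Constructed demo data in an in-memory SQLite database; the table name
// family_db comes from the thread, everything else is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE family_db (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO family_db VALUES (?, ?)')
    ->execute(['Drake', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

// Flawed design: the SQL text arrives in a request field (hypothetical name
// "sql_query"), so whoever sends the request chooses the statement that runs.
function login_flawed(PDO $pdo, array $request): bool
{
    $rows = $pdo->query($request['sql_query'])->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) > 0; // any returned row is treated as a successful login
}

// Hardened design: the statement is fixed on the server, request data is only
// ever bound as a value, and a client-supplied query field is never read.
function login_hardened(PDO $pdo, array $request): bool
{
    $user = $request['username'] ?? '';
    $pass = $request['password'] ?? '';
    if (!is_string($user) || !is_string($pass)) {
        return false; // reject array-valued parameters such as username[]=x
    }
    $stmt = $pdo->prepare('SELECT pw_hash FROM family_db WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pw_hash']);
}

// Constructed requests: the form's own query, the same request with the query
// field replaced, and a request carrying the correct password.
$requests = [
    'form, wrong password' => ['username' => 'Drake', 'password' => 'wrong-guess',
        'sql_query' => "SELECT * FROM family_db WHERE username='Drake' AND pw_hash='wrong-guess'"],
    'query field replaced' => ['username' => 'Drake', 'password' => 'wrong-guess',
        'sql_query' => 'SELECT username FROM family_db'],
    'correct password' => ['username' => 'Drake', 'password' => 'constructed-demo-password',
        'sql_query' => "SELECT * FROM family_db WHERE username='Drake'"],
];
foreach ($requests as $label => $request) {
    printf("%-22s flawed=%s hardened=%s\n", $label,
        var_export(login_flawed($pdo, $request), true),
        var_export(login_hardened($pdo, $request), true));
}
```

Run with the PHP CLI and the pdo_sqlite extension enabled. The hardened handler gives the same answer whatever the sql_query field contains, because it never reads it.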