Basic 18

ghost

0 0

17 years ago

Ok I know where to place the injections and i can prove that it is injectable, so i tried to view all the tables on the database so that i may get the table name and go from there with select * from (what i was trying to find) but it wasn't working. I was wondering how could i find out the table name and the different columns in the table and then after all of that what should i be looking for to trigger the challenge completed. Please help

ghost

0 0

17 years ago

table name is, what the script pulls out…

and if udont now what columns..try NULLing it out..

Hope That Helps

ghost

0 0

17 years ago

OK do i do a Union to place both the queries together? Then what about * it looks like its stripped.

ghost

0 0

17 years ago

it would be better if u would PM me with what you got….

ghost

0 0

17 years ago

moshbat wrote: so i need to use a n*ll instead of the table name..? Would that be logical…

read my first post..

ghost

0 0

17 years ago

Do we have to get an error from the script to get that table name? i can't… I also tried with do.sys*****s but i couldn't get anything…

Uh oh. Looks like your using an ad blocker.

ghost

ghost

ghost

ghost

ghost

ghost