Basic 18 I have no clue what I'm doing wrong!
Well, I know a bit about SQL and how it works etc. etc., I would just skip to 19 (because I hate SQL, it just seems a bit annoying. JavaScript isn't so bad). But anyway, forget about my personal problems with SQL :P
I tried
U**** A** S***** "" FR** nu** WH** 1=1
(without quotes around that one thing) but it didn't work!
I also tried:
U**** A** S***** "" FR** nu** U*** A** S***** "*"
I have looked on Google, I have read the old posts but they don't answer many questions. I also read the article on Blind SQL injection, but all it did was confuse me! Please, some help ^_^ Thank you!
Bah, I'm not asking for the answer >.> I don't work like that. (Although it would be nice sometimes! lol) Anyway, do I have all the right commands?
UN*** SE**** AL* FR** WH*** nu** 1=1 "*"
that's what I've been using. Is there some other command I'm missing? Or do I just throw around those ones?
UN*** nu** AL* SE**** "" FR** nu** WH** 1=1 doesn't work :(
Oh, and I'm doing it on the page where it says "Article one", is that right? I know the thingies don't go higher than 5, although I'm not saying how I know that ^_^.
Read this article and learn about the null command: http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html
The site helped me understand as well as doing a similar mission at HTS [finally!] I was able to complete this one rather easily.
I first attempted some SQL injections of my own to try and verify what I could on my own, but they were non-conclusive.
I have read and learned info from these URLs:
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://w3schools.com/sql/default.asp
Then during the process of this challenge I have read from these URLs:
http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/#UnionLanguageIssues
I think I'm getting somewhere, because instead of normally receiving
"Invalid Article" returns, I am getting "Article 1U*** S***** ##" when using the "O**** B* –" command. By doing so I think I have reached the number of columns that exist when I reached the "Invalid Article" return after getting consecutive positive returns. If what I am doing is indeed correct, I am failing to find the right injection for this. I have tried many variations of "null" injections after finding the right column count.
Every last one has returned "Invalid Article".
Any suggestions?
7h3s0urc3 wrote: Thanks a lot, fellas. I'll look into what you're talking about, johnjuan. Thanks for offering your personal assistance, Blackmind.
"the number of columns varies between the two tables as do the column names"
I have yet to find the tables or names of the columns.
As I said, use or*** *y… to know the columns number
mido wrote: [quote]7h3s0urc3 wrote: Thanks a lot, fellas. I'll look into what you're talking about, johnjuan. Thanks for offering your personal assistance, Blackmind.
"the number of columns varies between the two tables as do the column names"
I have yet to find the tables or names of the columns.
As I said, use or*** *y… to know the columns number[/quote]
Yes sir, I have used the function to find the columns number. But johnjuan said there are two tables. How do you find these? He also said that the column names and numbers change between the two tables. I would imagine I would find this out when I am able to view them in the two different tables.
@mido there have to be multiple tables or you wouldn't need the U**** command at all ^_-… at least I think that's what that's supposed to mean hehe