Basic 8 Help

I am confused about how to inject my SQL into the address bar. I have attempted using index.php?password= and then my SQL code, and then clicking log in and checking the source code but this doesnt work. Could someone point me in the right direction?

Well, for one, you're injecting it in the wrong place and for two, it's not password=, don't just guess that, try looking in the source for some "good" info.

Try looking for a commented out part. And remember, keep the SQL very simple.

OK i know now that i need to use the comment part of the source code that i found so that it reads index.php?sql_*****= instead of what i was using initially… index.php?password= but it is still not working. The sql code i am using is REMOVED BECAUSE OF SPOILER. I am however still confused as to where to inject the code. I believe I need to inject it into the address bar, but this does not seem to be working.

I have also tried making my sql code more broad by using * in more places, leaving the WHERE field out and a few other things but this also did not work. Any tips to get me going from here would be appreciated.

index.php - you sure about that?

Paintballa, remove the spoiler and use a more generalized SQL statement.

anything more general then SELECT * FROM [removed: displayed the answer] ???????

Maybe Xyng, you might want to remove that partcoughhintcough

why remove it? it isn't right. This whole challenge isn't right…

Yeah it is, you're probably just injecting it into the wrong place on the challenge.

I think he's referring to the fact you cannot use the wildcard * for the FROM command in real injections. At least that's what I thought…

nights_shadow wrote: Yeah it is, you're probably just injecting it into the wrong place on the challenge.

you can do the injection in 2 places here and it doesn't work, or is it a guessing-file thing again?

i think my problem is that im just typing the injection in without "escaping" it first so that the sql will execute. But i have tried various ways of doing this but it doesnt seem to work either…

Xyng - Send me a p.m. about exactly what you're doing and i'll help you out with it. I'm sure there must be something simple your missing.

this is the code im using. but its doesnt work. any help? secure-area.php?action=SELECT*FROMPersonsWHEREFirstName='Drake'

Neoquesty wrote: this is the code im using. but its doesnt work. any help? secure-area.php?action=SELECT*FROMPersonsWHEREFirstName='Drake'

well the main idea is the following:

– First of all: what makes you think 'action' can be a $_GET variable from the second php ??? – Send of all: think, dud, open a mysql session and try to type that down … how many errors would you get ??? - the mysql 'command' if i may say that - must actually work …. – What makes you think 'FirstName' it's a mysql row from the specified table !?!?!? – Anyhow, keep the syntax verry clean - and "SHORT" - verry short ……….. (i'd include a condition - i'd really do it - but it seems here it's as short as posible) – check out the original error query letters … and remember: SELECT != select

cya