Pen Testing 1

I'm stuck at the SQL part of this challenge. Any injection I can think of (as well as any input at all in both fields) is just giving the message "Access denied for user 'www-data'@'localhost' (using password: NO)". Is this challenge working properly?

EDIT THIS FOR SPOILERS

also, yes its being buggy, the whole challenge is.

The challenge is working fine.

Thanks Mordak, I must just be missing something. I'll keep on trying!

PM me if you need to.

may i PM with what im doing as well, because i keep getting error popups that say "you have already found this exploit" even though i haven't and it doesnt add points.

Sure PM me.

I am also stuck at the sql part. Can I pm someone the injections i have tried?

sure

is this challenge down?? cuz i tried every sql injection and all the combination which i know. but still getting this error: > Access denied for user 'www-data'@'localhost' (using password: NO)

Death_metal666 wrote: is this challenge down?? cuz i tried every sql injection and all the combination which i know. but still getting this error: [quote]Access denied for user 'www-data'@'localhost' (using password: NO)[/quote]

Someone Pmed me the same question not too long ago. I will resend it to you.

challenge is up … yippee solved thanks to molested … thank you

maybe im doing something wrong, i still get "Access denied for user 'www-data'@'localhost' (using password: NO)"

Is this challenge still working as supposed? I am not able to log in using the given account and password. Could someone confirm it is broken?

I am having the same problem .is the challenge broken?

i got the sql injection pretty easily man just act like a bad parent and beat it to death :D

I suppose this one might be broken. There is no way I manage to get the SQL related one and the session related one (not sure if I am trying the right thing here) but there's no doubt about the SQL part.

The SQL related exploit is not currently working but the exploit for the session still works.

The SQL page is working, Just tried it. The exploit was changed from the original.

Worked for me. :)

im 30 points shy of the 350 points completion of this pent1 challenge, however I have attempted using the injection in the admin page and it does nothing.. a flicker here then the page reloads and acts like nothing happened. I have attempted several types of injections. no success and im starting to wonder if this is buggy or am I injecting it wrong.. you know the famous 'or 1=1– string doesnt even work tho. any pointer/hints?

It's not a bug, it's just a different injection. :P