SignupHide Sidebar
Username: 
Password: 
Restrict session to IP 
Statistics
61 Sites
146 Challs
7653 Posts
50210 Users
22 donations
61 Active Sites
World of Wargame
WeChall
Rankk
Electrica
Happy-Security
NewbieContest
LOST-Chall
Yashira
BrainQuest
Net-Force
HackThisSite
ThisisLegal.com
elhacker.net
TryThis0ne
TDHack
+Ma's Reversing
hax.tor.hu
Hacker.org
RoseCode
listbrain.tk
HackBBS
Security Traps
Root-Me
SPOJ
Revolution Elite
W3Challs
Gekkó
Webhacking.kr
µContest
wargame.kr
Valhalla
hacking.allowed.org
Reversing.Kr
SuNiNaTaS
Yoire
wixxerd.com
Hacking-Challenges
OverTheWire.org
RedTigers Hackit
Tasteless
Defend the Web
Mod-X
Omega Project
Disavowed.net
Stereotyped Challenges
ae27ff
pwnable.kr
Challengeland
RingZer0 Team Online CTF
SolveMe
Hacker Gateway
NOE.systems
pwnable.tw
Hack The Box
try to decrypt
CTFS.ME
CanHackMe
MysteryTwister
LordofSQLi
Énigmes À Thématiques
247CTF
Top 10 Players
dloser
Caesum
phoenix1204
benito255
Akorlith
tehron
lordOric
yachoor
nurfed
Hertz
Last 20 Activities
sudophoenixx
a7394966
DealPete
marv99
bosselar
vander91
Akatsuki_lk
evilbit
chalvert
ananthnair
r_karoly
cdkimbroski
bufferstack
Vita
Ne0Lux-C1Ph3r
Ne0Lux-C1Ph3r
XStreamke
Ne0Lux-C1Ph3r
Ragn3rOK
Ragn3rOK
Online within 1d
76 Users
sudophoenixx
chalvert
techhector
a7394966
jiric
RaonSecurity
Alahel
atom9cn
hcase
occasus
WeaselBoy29
InfiniteList767
FoxMaccloud
DealPete
root1337
Oppenheimer
yeee
vander91
Jichou
bosselar
more
WeChall->Challenges->Challenge: Training: MySQL II

SQL injection  Go to the Training: MySQL II challenge

Some enlightenment requiredDouble query
Global Rank: 2564
Totalscore: 6781
Posts: 3
Thanks: 3
UpVotes: 2
Registered: 4y 49d
Last Seen: 4y 41d
The User is Offline
SQL injection
Jan 05, 2016 - 14:11:49 (4y 43d) Google/translate1Thank You!0Good Post!1Bad Post! link
I get stuck.

Sensitive is login authentication, so i try to bypass it writing:
CENSORED
or
CENSORED
but the only message I get is wrong password.

Can anybody give me a hint what I'm doing wrong ?
Last edited by dloser - Jan 05, 2016 - 14:59:17
Global Rank: 1
Totalscore: 755219
Posts: 398
Thanks: 436
UpVotes: 382
Registered: 10y 204d












The User is Offline
RE: SQL injection
Jan 05, 2016 - 15:00:02 (4y 43d) Google/translate1Thank You!1Good Post!0Bad Post! link
You are ignoring the crucial part of this challenge: the password check.
Global Rank: 2564
Totalscore: 6781
Posts: 3
Thanks: 3
UpVotes: 2
Registered: 4y 49d
Last Seen: 4y 41d
The User is Offline
RE: SQL injection
Jan 05, 2016 - 15:37:37 (4y 43d) Google/translate1Thank You!1Good Post!0Bad Post! link
First of all thanks for hint and quick response.

I tried to end SQL command by -- - or -- or %00 and then comment rest of PHP function with multiline comment /*
Injection looks like:

CENSORED

But still getting message about wrong password.
Last edited by dloser - Jan 05, 2016 - 15:42:13
Global Rank: 1
Totalscore: 755219
Posts: 398
Thanks: 436
UpVotes: 382
Registered: 10y 204d












The User is Offline
RE: SQL injection
Jan 05, 2016 - 15:48:02 (4y 43d) Google/translate1Thank You!0Good Post!1Bad Post! link
You cannot comment out PHP code like that. (And if you could, it still wouldn't work.)

B.t.w.: Don't include the injections you are trying in your posts. It could spoil it for others.
tunelko, Redknee, silenttrack, qdxy, n0tHappy, TheHiveMind, Z, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0 have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 6614 times.