Username: 
Password: 
Restrict session to IP 

SQL injection  Go to the Training: MySQL II challenge

Global Rank: 2527
Totalscore: 6780
Posts: 3
Thanks: 3
UpVotes: 2
Registered: 3y 327d
Last Seen: 3y 320d
The User is Offline
SQL injection
Google/translate1Thank You!0Good Post!1Bad Post! link
I get stuck.

Sensitive is login authentication, so i try to bypass it writing:
CENSORED
or
CENSORED
but the only message I get is wrong password.

Can anybody give me a hint what I'm doing wrong ?
Last edited by dloser - Jan 05, 2016 - 14:59:17
Global Rank: 1
Totalscore: 755493
Posts: 395
Thanks: 428
UpVotes: 377
Registered: 10y 118d












The User is Offline
RE: SQL injection
Google/translate1Thank You!1Good Post!0Bad Post! link
You are ignoring the crucial part of this challenge: the password check.
Global Rank: 2527
Totalscore: 6780
Posts: 3
Thanks: 3
UpVotes: 2
Registered: 3y 327d
Last Seen: 3y 320d
The User is Offline
RE: SQL injection
Google/translate1Thank You!1Good Post!0Bad Post! link
First of all thanks for hint and quick response.

I tried to end SQL command by -- - or -- or %00 and then comment rest of PHP function with multiline comment /*
Injection looks like:

CENSORED

But still getting message about wrong password.
Last edited by dloser - Jan 05, 2016 - 15:42:13
Global Rank: 1
Totalscore: 755493
Posts: 395
Thanks: 428
UpVotes: 377
Registered: 10y 118d












The User is Offline
RE: SQL injection
Google/translate1Thank You!0Good Post!1Bad Post! link
You cannot comment out PHP code like that. (And if you could, it still wouldn't work.)

B.t.w.: Don't include the injections you are trying in your posts. It could spoil it for others.
tunelko, Redknee, silenttrack, qdxy, n0tHappy, TheHiveMind, Z, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89 have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 6454 times.