    real 5
    03-06-2010 07:00 PM real 5
    Any ideas on this one?
    "The higher you climb the more you can see"
     
    03-07-2010 04:54 AM RE: real 5 | Edited by Teddy 03-07-2010 04:59 AM
    You need SQL injection. And union will work only if you select from the right table. Union select 1,2,3-- will not output 1,2,3.

    I think you should spend a bit more time on one challenge. Do not try one and, if you did not find the answer directly, go over to the next. Spend more time on one challenge, then you would get it passed on your own.
    Join our IRC channel! irc.evilzone.org #Evilzone #SecurityOverride

    "The quieter you become the more you are able to hear."

    "With great power comes great responsibility"
     
    03-07-2010 02:42 PM RE: real 5
    chronic12 wrote:
    Any ideas on this one?



    Make sure you follow the books in the download section ;)

    -----------------------------------------
    "Every great story on the planet happened when someone decided
    not to give up, but kept going no matter what.
    "
    Spryte Loriano
     
    03-07-2010 03:48 PM RE: real 5
    Good advice. I have completed 3, so will focus on two now.
    "The higher you climb the more you can see"
     
    03-07-2010 06:12 PM RE: real 5
    I need to do real3. I haven't had much time to ponder it, but I do know it's a tougher one.
     
    03-10-2010 03:55 AM RE: real 5
    Hi Guys,
    I found the injection point, but want a little help: is this blind injection, as columns do not display on screen? Trying to UNION SELECT results in error Mysql_fetch_array.....................
     
    03-10-2010 04:10 AM RE: real 5
    Once you have the columns you can go straight to extracting the info you need from one of the columns in the table. The table can be guessed or the name seen in another place on the site. Hope this helps.
    "The higher you climb the more you can see"
     
    03-24-2010 05:32 AM RE: real 5 | Edited by Qwexotic 03-24-2010 06:59 PM
    Hello people, well, I am new to these challenges and the field, and I read all the articles on SQL injections, but the problem is on basic 12 and here... whenever I try to put in this command it doesn't return any value or any result. I've been stuck on it way over. I do not need an answer or solution to an exercise, but typically the right guidance in order to find out where one actually executes the SQL query... my concern is regarding basic mission 12 and realistic mission 3.

    // Hid link - Qwexotic
     
    03-24-2010 08:34 AM RE: real 5
    Re-read the tutorials on the site; your syntax is missing some vital parts.
    "The higher you climb the more you can see"
     
    03-24-2010 10:12 AM RE: real 5
    Hey chronic12, thanks for the early reply... but I've been trying and still am, but am not able to figure out... what and where... a hint or something would be really nice :)
     
    03-24-2010 07:01 PM RE: real 5
    Hey hackitup, I notice a few problems right off the bat with that.

    1) It appears that you are trying to inject on an incorrect page. The link you posted (which I removed) is an injection attempt on login.php which is not vulnerable.
    2) You're attempting to use information_schema. This is the concept of the basic 12 challenge, NOT realistic 3. Realistic 3 has a different idea, but yes, you still must use some sort of UNION... ;)

    03-25-2010 03:20 AM RE: real 5
    Hello
    I need help with the names of the columns in the injection.
    I don't have the column where passwords are stored.
    I've tried stuff like "password", "pass", "pword", "passhash", "hash", "passwordhash", "enc" but in vain.
    I don't think I can access INFORMATION_SCHEMA. So I'll have to just guess the column name?
    Thanks :)
     
    03-25-2010 10:32 AM RE: real 5
    The table name you can see somewhere at the side. You only have to look right ;).
    Information Schema will not work. One of the column names from above is right, so try to find the right table.
    Join our IRC channel! irc.evilzone.org #Evilzone #SecurityOverride

    "The quieter you become the more you are able to hear."

    "With great power comes great responsibility"
     
    03-26-2010 04:21 AM RE: real 5
    Thank You.
    I already had the table name, I just put the column name at the wrong place.
    Mission Completed.
     
    04-11-2010 11:30 AM RE: real 5
    Yeah, I'm lost on this one also. Been playing around with the union commands; from what I have read this has nothing to do with schema.

    I have also read all the articles and watched more than my share of video tutorials.

    Push in the right direction plz.
     
    04-11-2010 01:02 PM RE: real 5
    @Torrment Have you already found out with the order command how many columns there are? If you have, you should have a look around the page. There you will find a hint for the table name. The column name you can guess. You want to extract the password, so the column name would be ....

    Join our IRC channel! irc.evilzone.org #Evilzone #SecurityOverride

    "The quieter you become the more you are able to hear."

    "With great power comes great responsibility"
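
    Why the ORDER BY and UNION behaviour discussed in this thread is possible at all, and what closes it, shown as an added example that is not part of any post or of the challenge's own code. It uses Python with sqlite3 rather than the site's PHP/MySQL; the schema, function names and input strings are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and rows for the demo; not the challenge's tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE members  (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'Welcome', 'First post');
        INSERT INTO members  VALUES (1, 'admin', 'constructed-secret');
    """)
    return db

def article_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so the database parses it as SQL.
    sql = "SELECT id, title, body FROM articles WHERE id = " + raw_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        # A mismatched column count makes the whole query fail; in PHP this is
        # the point where a mysql_fetch_array warning reaches the page.
        return None

def article_safe(db, raw_id):
    # Reject anything that is not a plain integer, then bind it as data.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute(
        "SELECT id, title, body FROM articles WHERE id = ?", (int(raw_id),)
    ).fetchall()

# Constructed request values: one normal id and three tampered ones.
PROBES = [
    "1",
    "1 ORDER BY 3",   # still valid: the query has three columns
    "1 ORDER BY 4",   # error: there is no fourth column
    "0 UNION SELECT id, name, password FROM members",
]

def compare(db):
    # Maps each input to (vulnerable result, safe result).
    return {p: (article_vulnerable(db, p), article_safe(db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (vuln, safe) in compare(make_db()).items():
        print(f"{probe!r}\n  concatenated: {vuln}\n  bound:        {safe}")
```

    With the bound version every tampered value returns an empty result and never reaches the SQL parser, so neither the error signal nor the second table is reachable.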
     
    04-11-2010 02:34 PM RE: real 5
    http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections

    Check this article out; this should be able to guide you in the correct direction, and it is one of the good articles about SQL injection through URL manipulation.


    Hope this helps....... :)
    :)....Even IMPOSSIBLE says I'm possible.... :)

    And with knowledge comes responsibility.
     
    04-11-2010 03:13 PM RE: real 5 | Edited by Torrment 04-12-2010 12:19 PM
    Thanks, I read it again. It's just got me stumped. It's like that last one where you could see everything, so I find myself going back to it, trying the syntax before I use it to make sure it will work. Oh yeah, I mean basic 12 when I say the last one.
    Appreciate the time you all take to help me though.

    Thanks all, I had the right commands, just the wrong column. Got it now.
     
    10-14-2010 12:14 PM RE: real 5 | Edited by 5 I_ 4 Y 3 I2 10-19-2010 10:51 AM
    Nvm. I got it.
    5 I_ 4 Y 3 I2
     
    01-22-2011 09:38 PM RE: real 5 | Edited by RavishingRickRude 01-22-2011 09:39 PM
    Hey everyone, I need help with this mission. I'm using the Order command to show the columns and it's not giving me an error. I assume I'm doing something wrong. Help is appreciated. Thanks everyone.

    -RRR
     