 |
| |
|
immortalus
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 26
|
| |
|
|
|
 |
|
|
Hi...
I got into the newest account, but now I'm stuck...
I've pretty much exhausted my ideas as to how to make it change the details...
Any hints would be appreciated!
Thx
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
You need to login as the administrator..
Try to think where can you inject sql except of the login page.
Gl =]
|
|
|
| |
|
|
immortalus
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 26
|
| |
|
|
|
|
|
|
humm.. Well I found the weak link, finally, but now I still can't change the data! I keep getting:
Microsoft OLE DB Provider for SQL Server error '80040e14'
Unclosed quotation mark before the character string
I just can't seem to bypass that error...
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
Look the structure of the error and think what should you write
|
|
|
| |
|
|
immortalus
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 26
|
| |
|
|
|
|
|
|
I've attacked it from every angle I could've think about...
The problem is with the Quotation mark: '
I can't get why it creates an error even when all the quotes are enclosed...
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
Sry (about the double), I don't know wtf my browser made...
And listen It's unclosed look at the " in the end
Edit by : zEt0s- At 31/12/2007, 14:15:36
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
Sry, I don't know wtf my browser made...
And listen It's unclosed look at the " in the end
Edit by : zEt0s- At 31/12/2007, 14:15:10
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
'"<script>alert(String.fromCharCode(104,116,116,112,58,47,47,119,119,119,46,116,114,121,116,104,105,115,48,110,101,46,99,111,109,47,102,111,114,117,109,47,112,111,115,116,46,112,104,112,63,109,105,100,61,50,56,56,37,51,70,109,101,115,115,97,103,101,61,37,50,48,37,50,50,37,50,48,115,99,114,105,112,116,37,50,48,97,108,101,114,116,37,50,48,49,37,50,48,37,50,48,37,50,48,115,99,114,105,112,116,37,50,48,37,50,50,63,109,101,115,115,97,103,101,61,37,50,55,37,50,50,37,51,67,115,99,114,105,112,116,37,51,69,97,108,101,114,116,37,50,56,49,37,50,57,37,51,67,47,115,99,114,105,112,116,37,51,69));</script>
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
'"<script>alert(String.fromCharCode(104,116,116,112,58,47,47,119,119,119,46,116,114,121,116,104,105,115,48,110,101,46,99,111,109,47,102,111,114,117,109,47,112,111,115,116,46,112,104,112,63,109,105,100,61,50,56,56,37,51,70,109,101,115,115,97,103,101,61,37,50,48,37,50,50,37,50,48,115,99,114,105,112,116,37,50,48,97,108,101,114,116,37,50,48,49,37,50,48,37,50,48,37,50,48,115,99,114,105,112,116,37,50,48,37,50,50,63,109,101,115,115,97,103,101,61,37,50,55,37,50,50,37,51,67,115,99,114,105,112,116,37,51,69,97,108,101,114,116,37,50,56,49,37,50,57,37,51,67,47,115,99,114,105,112,116,37,51,69));</script>
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
'"<script>alert(String.fromCharCode(104,116,116,112,58,47,47,119,119,119,46,116,114,121,116,104,105,115,48,110,101,46,99,111,109,47,102,111,114,117,109,47,112,111,115,116,46,112,104,112,63,109,105,100,61,50,56,56,37,51,70,109,101,115,115,97,103,101,61,37,50,48,37,50,50,37,50,48,115,99,114,105,112,116,37,50,48,97,108,101,114,116,37,50,48,49,37,50,48,37,50,48,37,50,48,115,99,114,105,112,116,37,50,48,37,50,50,37,50,48,115,117,98,106,101,99,116,61,37,50,48,37,50,50,37,50,48,115,99,114,105,112,116,37,50,48,97,108,101,114,116,37,50,48,49,37,50,48,37,50,48,37,50,48,115,99,114,105,112,116,37,50,48,37,50,50,63,109,101,115,115,97,103,101,61,37,50,55,37,50,50,37,51,67,115,99,114,105,112,116,37,51,69,97,108,101,114,116,37,50,56,49,37,50,57,37,51,67,47,115,99,114,105,112,116,37,51,69));</script>
|
|
|
| |
|
|
immortalus
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 26
|
| |
|
|
|
|
|
|
FINALLY!
I got the admin password!
Still not sure how exactly was my new query different from some of the previous once, but who cares :P
Great Success!
Thx 4 the help!
Update:
Passed it!! woohoo!
I have to admit that the last little trick they added is a real nasty one, and I'd say it's over-doing it.. but at least it's all done for!
Edit by : immortalus At 31/12/2007, 19:26:05
|
|
|
| |
|
|
zEt0s-
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 130
|
| |
|
|
|
|
|
|
[tquote=immortalus]FINALLY!
I got the admin password!
Still not sure how exactly was my new query different from some of the previous once, but who cares :P
Great Success!
Thx 4 the help!
Update:
Passed it!! woohoo!
I have to admit that the last little trick they added is a real nasty one, and I'd say it's over-doing it.. but at least it's all done for!
I'm in the part that i'm in the admin and i'm not sure what shoul I do.
I found the ip, I know who made it (***b***), but what should I do now?
|
|
|
| |
|
|
Ratinho
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 52
|
| |
|
|
|
|
|
|
OK im stucking too at the part after i had his real ip...
what now? covert it to something?
|
|
|
| |
|
|
immortalus
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 26
|
| |
|
|
|
|
|
|
Your goal in this mission is to find his IP address...
the "Password" is his IP address...
If you think you found the REAL IP, input it to the submit score page...
Edit by : immortalus At 03/01/2008, 23:57:41
|
|
|
| |
|
|
Ratinho
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 52
|
| |
|
|
|
|
|
|
 |
|
