| |
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
 |
|
|
i registred - then i dont now what to do.
in the cookie there is nothing...
only user and pass that not help me much...
i am stuck...
any hint?
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
Try to think, how the system know what your rank?
- the system read it from a DataBase.
Try to think how can you change values in the DataBase.
|
|
|
| |
|
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
|
|
|
hmm , i really dont now!!!!
i need to now where is the datebase - but i dont now.
if i want to inject it something - can i do this on the register or something?
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
You don't need to know where the DataBase located, the Query know that and you just need to find some exploitable query :)
good luck!
|
|
|
| |
|
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
|
|
|
hmm - what do you mean - so i can change the value in?
look i try everything - on reg page there is only a form with user password mail
on login
user password
on forum nothing
on control panel -
nothing.
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
everything? it's not seems like that.
|
|
|
| |
|
|
Inj3ction
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 102
|
| |
|
|
|
|
|
|
Ever heard about sql-injection?
|
|
|
| |
|
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
|
|
|
lets say I am not so good in that..
i mean i thing i will get it
when i learn sql lang...
but anyway ....
how do i do it ?
if i want to inject the login page :
user : admin
pass : a" or 1==1 or "b ?
and how do i not what the table of the level?
i do :
a" or 1==1 and level=1 --
something like that ?
if the name of level table is something else?
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
plus minus, you need to learn SQL.
try to read that :
http://www.unixwiz.net/techtips/sql-injection.html
|
|
|
| |
|
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
|
|
|
edit , READ THE RULES , DO NOT POST ANY OF THE LEVELS PASSWORDS OR THE SOULUTIONS !
this time , its a warnning , next time it will be a BANN..
Edit by : codingr At 27/09/2005, 14:38:15
|
|
|
| |
|
|
Avidor93
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65
|
| |
|
|
|
|
|
|
shaman66
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 23
|
| |
|
|
|
|
|
|
Muahahahaha
It was so freakin' easy after reading that article about injections :D
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
good job! this is the goal of this challenges! to learn :)
|
|
|
| |
|
|
pro 1337
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 11
|
| |
|
|
|
|
|
|
Too hard to understand this text :>
i'll search 1 like this in hebrow...
but tnx for the hint(sql inj)!
|
|
|
| |
|
|
cp77fk4r
Global Admin
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621
|
| |
|
|
|
|
|
|
If you don't understand the english- try to look at the examples and understand by that.
|
|
|
| |
|
|
gitterrost4
Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 3
|
| |
|
|
|
|
|
|
I read the whole article about SQL injection and I tried to do it, but there was no reaction at all.
Do i have to insert the code in the address field of my browser?
If yes, I can't find on which page to insert it.
|
|
|
| |
|
