ThisisLegal.com

ThisisLegal Forums


#1 2009-01-13 12:35:03

5ystem_0verride
Member
Registered: 2009-01-13
Posts: 7

SQL injection 2

What am I supposed to do? Tried many things. Am I supposed to drop the whole table? Show the table? Or just simply bypass it?

Also, is the table name [spoiler]security[/spoiler] as the task says or is it something else?


Who Is General Failure And Why Is He Reading My Hard Disk?

Offline

#2 2009-01-14 04:47:19

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

You are supposed to get information from the table. Doing the right injection will actually display the information on the page. And yes, the table name you have found is correct.


Site admin

Offline

#3 2009-01-14 05:27:12

5ystem_0verride
Member
Registered: 2009-01-13
Posts: 7

Re: SQL injection 2

Thanks, was a bit confused since there's almost too much you can do when someone doesn't sanitize xD


Who Is General Failure And Why Is He Reading My Hard Disk?

Offline

#4 2009-01-14 06:13:19

Glasklar
Member
Registered: 2008-12-29
Posts: 27

Re: SQL injection 2

This is what I got:
[spoiler]select security from admin where security = 'pelle' or 1 = 1--'[/spoiler]

Am I close?

Offline

#5 2009-01-14 16:16:40

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

Sorry, no :(
If you read the error message you'll see [spoiler]security is a separate table[/spoiler]
I checked this today, there's a good few ways to do it.


Site admin

Offline

#6 2009-01-15 00:54:49

5ystem_0verride
Member
Registered: 2009-01-13
Posts: 7

Re: SQL injection 2

You should add some more realistic error msgs; when u try SQL injection irl your eyes would practically explode cuz of all the error msgs


Who Is General Failure And Why Is He Reading My Hard Disk?

Offline

#7 2009-01-15 04:06:40

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

They're not fake error messages :P

[spoiler]Also, this is all done using just the login box.[/spoiler]


Site admin

Offline

#8 2009-05-03 12:19:26

migera
Member
Registered: 2009-04-27
Posts: 13

Re: SQL injection 2

Hey, I am trying to use UNION ALL SELECT...
It gives me an error to check the MySQL version... any help?

Offline

#9 2009-05-04 05:54:24

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

These aren't fake errors, they're errors the MySQL server is actually producing. I wouldn't know without you showing the whole error.

But remember a union select has to have the same number of columns as the login SQL being used. Check the tutorials section of the site if you don't know how to do this.


Site admin

Offline

#10 2009-05-04 09:37:19

migera
Member
Registered: 2009-04-27
Posts: 13

Re: SQL injection 2

I know that...
I tried from 1 to 7 columns... (though I think I know the right number... :)
I can PM you the code...

Offline

#11 2009-05-06 12:33:27

migera
Member
Registered: 2009-04-27
Posts: 13

Re: SQL injection 2

I give up!!
I know the columns amount number
and the line breaker... I know what injection I should use and still get a blank form and
no answers... should I guess the column name???

Offline

#12 2009-05-06 17:37:30

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

Use the SQL to log in as a user, then enter anything as an answer to the security question. Read the error it says, it might help you guess table/column names.


Site admin

Offline

#13 2009-05-07 07:05:33

migera
Member
Registered: 2009-04-27
Posts: 13

Re: SQL injection 2

Done!
VERY nice challenge!!!
(I did guess the names.. the nesting method confused me) :)))

Offline

#14 2009-05-15 04:14:45

smutley
Member
Registered: 2009-04-21
Posts: 2

Re: SQL injection 2

Having expressed some frustration of the SQL injection in Real 2, I thought that I would express my appreciation of this challenge.  I enjoyed solving it and learnt some things as well.  Got me to read the tutorials!!

Offline

#15 2009-05-15 06:08:20

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

Thanks, that's always good to hear.


Site admin

Offline

#16 2009-07-17 10:37:21

Illusion03
Member
Registered: 2009-02-20
Posts: 4

Re: SQL injection 2

Hey Tommy, I used a SQL query in the secret answer box.. when I logged in as usr3.. and I know the name of the table ... but I don't understand why this is not working.. select * from security; it should have dumped the whole security table.. Tell me what I am doing wrong and what else do I need.


withstupid

Offline

#17 2009-07-18 05:37:47

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

[spoiler]Don't use the secret answer box, it's all done from the login form[/spoiler]

Also, doing that may give you an error as you have to match the correct number of columns.


Site admin

Offline

#18 2009-07-29 16:48:33

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: SQL injection 2

I don't know where to start. I can say I must use something like this.
[spoiler]SELECT * From Users WHERE User='dontknowthis'[/spoiler]
Does the injection have to be done in both fields or is username enough? Also correct me please

Offline

#19 2009-07-31 04:36:45

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

The username is enough, and no need to correct this, it's halfway there, you just need to change 1 or 2 things. Good job :P


Site admin

Offline

#20 2009-09-18 02:49:21

xyberz09
Member
Registered: 2009-06-10
Posts: 46

Re: SQL injection 2

I'm doing something like:

" or  SELECT * from security WHERE user=us3r--
and -- for the password and I fail to log in :(

Any hints? Am I doing it right? Or am I way off course?

Offline

#21 2009-09-18 02:52:45

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: SQL injection 2

This is the wrong way... Try testing the first way you tried. The 1/2 of the challenge is no big deal. Read again the posts from the beginning, this might help.
[spoiler]SQL Challenge 1 very similar[/spoiler]
P.S: Posts from this topic only help if you have done the 1/2 of this challenge so you don't need them for now. You'll need them after you log in. (2/2)

Offline

#22 2009-09-19 02:04:55

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

xyberz09, that is about 70% correct - good job.

As BuRNeD says, this is similar to the first SQL, so you have to think about merging the first SQL solution and more to complete this part of the challenge

[spoiler]think what could be added after the "or" in your SQL[/spoiler]


Site admin

Offline

#23 2009-09-19 22:38:52

xyberz09
Member
Registered: 2009-06-10
Posts: 46

Re: SQL injection 2

@BuRNeD: I've already completed the first SQL challenge. That was wayyyy too easy. And I think I've also completed 1/2 of this chall
(I get this text: Logged in as us3r.

Due to some unexplained break-ins recently to this site, we have added an extra feature to prove you are the owner of this account.)
So I guess I'm doing something wrong after I log in :|

@t0mmy9: You're asking me to merge the 1st SQL solution and something more for this chall. I get that. But my question is do I have to do this while logging in or after that?

PS: By the way, it's getting a little confusing as to where to inject the malicious SQL. At the login prompt? When I'm logged in as us3r? Or when I logout and login again as admin?

Offline

#24 2009-09-20 01:23:11

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

Yeh it is supposed to be confusing.

[spoiler]It's all from the login box[/spoiler]


Site admin

Offline

#25 2009-10-04 03:54:09

fred777
Member
Registered: 2009-10-04
Posts: 5

Re: SQL injection 2

Yes, it's a normal SQL injection, and you can add your select-query with UNION.

Offline
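
Added example (not part of the thread or the site's code): the login pattern the replies describe, a query built from the login box with database errors shown on the page, beside a parameterized version that treats the same input as data. Python's sqlite3 stands in for the challenge's MySQL backend; the schema, column names and function names are assumptions, and only `us3r` and the `security` table name come from the posts.

```python
import sqlite3

GENERIC_FAILURE = "login failed"

def make_db():
    """In-memory stand-in for the challenge database (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        CREATE TABLE security (username TEXT, answer TEXT);
        INSERT INTO users VALUES ('us3r', 'constructed-password');
        INSERT INTO security VALUES ('us3r', 'constructed-answer');
    """)
    return db

def login_vulnerable(db, username, password):
    """Builds the query by concatenation and echoes database errors."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Echoing parser errors tells the client about the query structure.
        return "error: " + str(exc)
    return "Logged in as " + row[0] if row else GENERIC_FAILURE

def login_hardened(db, username, password):
    """Binds input as parameters; database errors are never echoed."""
    try:
        row = db.execute(
            "SELECT username FROM users WHERE username = ? AND password = ?",
            (username, password),
        ).fetchone()
    except sqlite3.Error:
        return GENERIC_FAILURE
    return "Logged in as " + row[0] if row else GENERIC_FAILURE

# Constructed inputs: the tautology shape from post #4, and a UNION whose
# column count does not match the one-column login query (post #9).
TAUTOLOGY = "pelle' or 1 = 1--"
BAD_UNION = "x' UNION ALL SELECT 1, 2--"

if __name__ == "__main__":
    db = make_db()
    for name in ("us3r", TAUTOLOGY, BAD_UNION):
        print(repr(name), "->", login_vulnerable(db, name, "wrong"),
              "|", login_hardened(db, name, "wrong"))
```

With bound parameters the quote character never reaches the SQL parser, so neither the bypass nor the column-count error can occur; the generic failure message covers whatever errors remain.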
