ThisisLegal.com

ThisisLegal Forums

Welcome to the forums! A chance for site members to chat and get help.

You are not logged in.

#26 2010-06-06 04:53:55

BlueCode
Member
Registered: 2010-06-06
Posts: 2

Re: SQL injection 2

I can log in as every user and I know the secret answer of every user. When I try to prove my identity I always get an error message ("Security answer doesn't match...").

I know the user identifiers as well as the passwords and I've corrected the hidden field in the secret answer form. Where is the finish line? Is that hidden field part of the challenge or is that form dead?

Please help me, how can I get any of the secret answers accepted?

Offline

#27 2010-06-06 07:27:28

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: SQL injection 2

Well, find out who's the admin and what's his security answer then type that.

Offline

#28 2010-06-06 07:53:46

BlueCode
Member
Registered: 2010-06-06
Posts: 2

Re: SQL injection 2

Thanks, I missed that user. biggrin

Offline

#29 2010-06-20 07:00:24

Cubingand
Member
Registered: 2010-06-19
Posts: 5

Re: SQL injection 2

It was a entertaining challenge, but it pissed me because of some things.
This challenge is simulated, isn't it?

Offline

#30 2010-08-11 02:04:52

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

No Cubingand, it isn't.

This is using an actual SQL DB, and copying the errors returned. This is what it would really be like in similar situations.


Site admin

Offline

#31 2010-08-14 01:50:22

ghost7013
Member
Registered: 2009-10-04
Posts: 12

Re: SQL injection 2

i logged in as admin in sql 2
but ... i cant find the security answer...
any hint plzz.. smile
[spoiler]its a bit confusing coz not valid resource [/spoiler]


biggrinhanged:rolleyes::banana:

Offline

#32 2010-08-19 03:56:51

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

Read what the error says when you try to enter a security answer. Try to guess names of tables from this.


[spoiler]Then look at the SQL union statement. Also, I wouldnt try using the security answer input box for anything else than inputting an answer [/spoiler]


Site admin

Offline

#33 2010-09-14 11:07:54

Audi
Member
Registered: 2010-06-27
Posts: 4

Re: SQL injection 2

I must say it is really one of the most interesting and wonderful challenges I have seen. Hats of for the creator....

though I have still to do it, but have enumerated quite some data so would be piece of cake now.

Though took me 2 weeks to figure it.... thank you guys for this wonderful challenge.

Offline

#34 2010-09-18 13:36:23

Audi
Member
Registered: 2010-06-27
Posts: 4

Re: SQL injection 2

Finally got it.......

Offline

#35 2010-11-18 06:32:51

deepdbest
Member
Registered: 2010-11-18
Posts: 4

Re: SQL injection 2

Hi... I got a error msg when try to find security question.... i got this error msg..
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'admin'' and password= ''' at line 1"

tell me whats wrong ....

Offline

#36 2010-11-19 00:04:18

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection 2

Thats part of the challenge. Any SQL errors are real. That is showing you part of the SQL query, you should use it to figure out what to correctly enter to make it work the way you want to. I suggest reading our SQL tuts in the tutorial section


Site admin

Offline

#37 2010-11-19 04:56:13

deepdbest
Member
Registered: 2010-11-18
Posts: 4

Re: SQL injection 2

I know that is a Sql error. And I already read the tutorial also. But I dont understand where to put the query. As a example. if i want to execute this Sql query = " SELECT * FROM users WHERE name = ‘username’ "
where I put the query in - 1. in the url, 2. In the Password box, Or 3. in the yser name box. Or 4. Both username and password box.



Help......

Offline

#38 2010-11-20 01:38:43

Null Set
Member
Registered: 2010-06-14
Posts: 23

Re: SQL injection 2

Don't use SELECT * ...

Instead, use SELECT (some number of stuff here)

Using the wildcard will get you nowhere.


Null Set

Offline

#39 2010-11-22 10:33:31

deepdbest
Member
Registered: 2010-11-18
Posts: 4

Re: SQL injection 2

Hi... In SQL 2 ... I m able to login as

admin and us3r.

by sql injuction I found these info..

Table name = security And Database = thisi30_chal()

How to find column names....plzs help...

Offline

#40 2010-11-22 10:37:27

deepdbest
Member
Registered: 2010-11-18
Posts: 4

Re: SQL injection 2

Hi... In SQL 2 ... I m able to login as admin and us3r.

by sql injuction I found these info..

Table name = security And Database = thisi30_chal()

How to find column names from table security ....plzs help...

Offline

#41 2010-11-27 13:26:04

kjangwa
Member
Registered: 2010-03-27
Posts: 23

Re: SQL injection 2

@deepdebest.
To get column and table names.
I used:

1.observation of error messages.
2.A bit of logic.
3.Trial and error i.e guesswork.

Offline

#42 2010-12-03 23:30:20

Null Set
Member
Registered: 2010-06-14
Posts: 23

Re: SQL injection 2

I agree with kjangwa. It took me a long time to get this challenge but once I really took time to study it carefully, I realized how simple it was.


Null Set

Offline

#43 2011-01-16 13:37:21

perun
Member
Registered: 2011-01-16
Posts: 3

Re: SQL injection 2

i found some db from information_schema.tables.. and some columns... i extracted passwords out..
and then logged in as jack, cr0pt, and us3r..
and i filled with security question form with answers...
but nothing happened..

did i miss something out?

Offline

#44 2011-01-16 13:44:04

perun
Member
Registered: 2011-01-16
Posts: 3

Re: SQL injection 2

nvm.. got it..
btw. sorry for double post but u should fix edit option..

Offline

#45 2011-08-02 03:24:57

Null Set
Member
Registered: 2010-06-14
Posts: 23

Re: SQL injection 2

Btw, I'd just like to express my appreciation of this challenge. It's one of the good ones I've encountered and it's one that helped me realized there's more than just 1 way to do SQLi biggrin


Null Set

Offline

#46 2012-01-22 06:03:02

xyberz09
Member
Registered: 2009-06-10
Posts: 46

Re: SQL injection 2

This challenge is definitely a mind boggler. A fascinating conundrum. You have no idea how long it takes to complete it if you can't guess the column names (besides the initial 'answer' column name)

I finally got the answer (just one) after a *lot* of injection and truck loads of
[spoiler](SELECT ... LIMIT 0,1) LIKE ("%a%"), LIKE ("%b%"), LIKE ("%c%") ...[/spoiler]

Took me an eternity to solve, but I still don't get it. I found the database name, table name, one column name (answer) and that's it. I also found out the total number of columns but that wasn't very handy to me. I read a few posts above and found out about the [spoiler]hidden field[/spoiler] in the security answer pages but I have no clue where the values for it are stored and how to get them.

I guess when I finally got the solution, I just got lucky that I tried it in the secret answer section and it was accepted.

This was a *really nice* challenge. I feel like I learned a lot about SQL injection from this. But I'd like to understand the challenge fully. I'd like to know what those [spoiler]4[/spoiler] columns actually are, their names and how many tables there are in the database and their structure.

Could anyone edify me?
Thank you!

[spoiler]
P.S. I found out about the 'name' column name from the forum after I finished the challenge. hrmm
[/spoiler]

Offline

#47 2012-01-31 07:12:30

Null Set
Member
Registered: 2010-06-14
Posts: 23

Re: SQL injection 2

A little hint: recall how an SQL query looks like. Then recall something that you use to specify some things in the query (so that it'd output only a specific row). Then think of the first SQL challenge.


Null Set

Offline

#48 2012-12-30 06:06:58

nilfgaard7
Member
Registered: 2012-12-27
Posts: 6

Re: SQL injection 2

I was lucky to solve it without too much sql injection knowledge... because of the small amount of data (users). Anyway I still cannot understand how can you get the db, table, col names... s would someone pm me? thanks!

Offline

#49 2013-05-23 22:15:08

Backbite
Member
Registered: 2013-04-26
Posts: 66

Re: SQL injection 2

I'm doing something like:

" or SELECT * from security WHERE user=us3r--
and -- for the password and I fail to log in frown

Any hints? Am I doing it right? Or am I way off course?

By xyberz09

I get column name in this post.



The username is enough, and no need to correct this, its halfway there you just need to change 1 or 2 things. Good job

By T0mmy9

make me complete

Offline

#50 2013-05-23 22:23:23

Backbite
Member
Registered: 2013-04-26
Posts: 66

Re: SQL injection 2

Don't forget

Challenge 1 can help you first step.

Offline

Board footer

Powered by FluxBB