SQL Union/select commands

General technological topics without their own forum go here

SQL Union/select commands

Post by Fidd1er on Thu Nov 08, 2012 5:10 pm
([msg=70658]see SQL Union/select commands[/msg])

Couple of days ago I barely completed Basic 1, so exuse me if it's a lame question. Here's the deal: I gave up on solving realistic 4 and rushed to youtube, where I found the solution to be very unclear to me. I was told there to inject to following code:
*removed mission spoiler content*
1) Why didn't "SELECT * FROM email" work?
2) Why doesn't UNION work (Why is the ALL required?)
3) wtf is this "null *same*"

Danke =)

EDIT:
In a different subject. Chrome seem to fill all spaces in the link with %20 (or sth), ya have any solution (this really bothers me)? Also, what addons do you use to modify cookies in chrome?
Fidd1er
New User
New User
 
Posts: 2
Joined: Thu Nov 08, 2012 4:59 pm
Blog: View Blog (0)


Re: SQL Union/select commands

Post by centip3de on Thu Nov 08, 2012 11:20 pm
([msg=70666]see Re: SQL Union/select commands[/msg])

Fidd1er wrote:Couple of days ago I barely completed Basic 1, so exuse me if it's a lame question. Here's the deal: I gave up on solving realistic 4 and rushed to youtube, where I found the solution to be very unclear to me. I was told there to inject to following code:
*removed mission spoiler content*
1) Why didn't "SELECT * FROM email" work?
2) Why doesn't UNION work (Why is the ALL required?)
3) wtf is this "null *same*"

Danke =)

EDIT:
In a different subject. Chrome seem to fill all spaces in the link with %20 (or sth), ya have any solution (this really bothers me)? Also, what addons do you use to modify cookies in chrome?


I, myself, skipped the missions (except the basic, and a few realistic) and came straight to the forums, so I' not sure exactly what you're looking for. However, I do know that there is part of the forum dedicated to just covering the missions, over here. In reply to your edit, though, I've found "Edit This Cookie" does a good job of cookie-managing.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1426
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: SQL Union/select commands

Post by weekend hacker on Fri Nov 09, 2012 1:33 pm
([msg=70675]see Re: SQL Union/select commands[/msg])

UNION only selects distinct values so to make sure you get everything in the database you'll have to use UNION ALL (although UNION could give some results, the way HTS emulates the exploit could prevent anything but the totally correct answer)

The second query needs to have the exact same number of columns as the first one. This isn't the case, the table you are trying to get has far less columns so you can specify to add additional columns with null in the select part.(null being null values, nothing of value was added but the column count now matches)

In theory you could even add other values then a null value(like the string "boob"), but again you will be limited with how HTS emulates the mission, and whatever value you take will need to have the same datatype as that column in the first table.

I'd suggest you learn more about SQL, you can get the basics on http://www.w3schools.com/sql/default.asp
and even try it out with their demo
<Yoda> if someone says something i don't like, i ban him, ban whoever defends him, and then ban the witnesses...
User avatar
weekend hacker
Administrator
Administrator
 
Posts: 192
Joined: Sun Apr 13, 2008 2:39 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: SQL Union/select commands

Post by LoGiCaL__ on Sat Nov 10, 2012 1:06 pm
([msg=70687]see Re: SQL Union/select commands[/msg])

weekend hacker wrote:UNION only selects distinct values so to make sure you get everything in the database you'll have to use UNION ALL (although UNION could give some results, the way HTS emulates the exploit could prevent anything but the totally correct answer)

The second query needs to have the exact same number of columns as the first one. This isn't the case, the table you are trying to get has far less columns so you can specify to add additional columns with null in the select part.(null being null values, nothing of value was added but the column count now matches)


Good explanation. Basically UNION will return distinct records and UNION ALL will return duplicates records (IF ANY) all as one query. Key part being the 2nd paragraph that Weekend wrote.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1061
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: SQL Union/select commands

Post by njpg on Tue Mar 04, 2014 3:40 am
([msg=79733]see Re: SQL Union/select commands[/msg])

LoGiCaL__ wrote:
weekend hacker wrote:UNION only selects distinct values so to make sure you get everything in the database you'll have to use UNION ALL (although UNION could give some results, the way HTS emulates the exploit could prevent anything but the totally correct answer)

The second query needs to have the exact same number of columns as the first one. This isn't the case, the table you are trying to get has far less columns so you can specify to add additional columns with null in the select part.(null being null values, nothing of value was added but the column count now matches)


Good explanation. Basically UNION will return distinct records and UNION ALL will return duplicates records (IF ANY) all as one query. Key part being the 2nd paragraph that Weekend wrote.



What? That doesn't answer anything. Why would duplicate rows matter in this context? What row would be duplicated by adding UNION SELECT 100,200,300,400;
njpg
New User
New User
 
Posts: 2
Joined: Tue Mar 04, 2014 3:25 am
Blog: View Blog (0)


Re: SQL Union/select commands

Post by cyberdrain on Wed Mar 05, 2014 7:22 pm
([msg=79741]see Re: SQL Union/select commands[/msg])

Good job on the necro...
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1098
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests