
Re: Please ask questions ONLY in this topic.

Posted: Tue Oct 23, 2012 5:10 pm
by MassReset
Still working on this one, would just like to say that maybe HTS shouldn't link the images from ANP, because seeing "support" there I thought, "Oh, they must not have the images in the same dir as the html, so that must be where the login is," and ended up at their actual site.

Re: Please ask questions ONLY in this topic.

Posted: Tue Oct 23, 2012 8:00 pm
by WallShadow
MassReset wrote: Still working on this one, would just like to say that maybe HTS shouldn't link the images from ANP, because seeing "support" there I thought, "Oh, they must not have the images in the same dir as the html, so that must be where the login is," and ended up at their actual site.


I second this.

Re: Please ask questions ONLY in this topic.

Posted: Sat Oct 27, 2012 12:10 pm
by Elemenophee
SQL Error -> check, a single ' can fuck you :P

Maybe this is too much and counts as a spoiler; be fast, mods, in case it is. *yeah only because you directly related the video to this mission...*

Re: Please ask questions ONLY in this topic.

Posted: Tue Dec 11, 2012 8:25 am
by Paraknight
Looks like update2.php is broken server-side.

Re: Please ask questions ONLY in this topic.

Posted: Wed Dec 12, 2012 12:48 pm
by limdis
Should be fixed now

Re: Please ask questions ONLY in this topic.

Posted: Sun Dec 16, 2012 4:38 pm
by cp92
I solved this, but I never got the admin password. Is there a mistake? If I'm spoiling, please remove. Thanks :)

Re: Please ask questions ONLY in this topic.

Posted: Sun Dec 16, 2012 9:39 pm
by fashizzlepop
No mistake. That's the point. Bypass the password without ever having to know it.

Re: Please ask questions ONLY in this topic.

Posted: Tue Dec 25, 2012 5:51 am
by Ufonautas
Haha, that was so simple, and I was looking for ways to find the contents of the database to get the username.

Hint 1: Simple

Hint 2: Logging in as the first person on an SQL-type database

Hint 3: Boolean


By the way, I just found out that their real site has some flaws too,
*sorry mate*

Check this out: you can see their variables. As I remember, it is possible to send information to them using the GET method. So, maybe it could be the next realistic version?

Please, someone more experienced tell me if I'm on the right track for the real website. I don't want to hack them, I just want to know if I THINK the right way.

Good luck to everyone who's on this (2) challenge!

Re: Please ask questions ONLY in this topic.

Posted: Sat Jan 05, 2013 12:54 pm
by matthew1987
Can someone explain to me why only that syntax works? I kind of understand the idea behind the command, but I don't understand the placement of the extra characters.

Re: Please ask questions ONLY in this topic.

Posted: Sat Jan 05, 2013 9:55 pm
by fashizzlepop
Then you don't understand SQL Injection and SQL statements. I'd research it some more.
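
On the question above about where the extra characters go: the following is an added example, not part of the thread or of the mission's code. It uses Python's `sqlite3` as a stand-in for the mission's PHP login, with a hypothetical `users` table and constructed data, to show why a single `'` produces an SQL error when input is concatenated into the statement, and why a parameterized query is unaffected.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "constructed-secret"), ("o'brien", "hunter2")])
    return db

def build_concat_query(username, password):
    # The input is pasted between the quotes that delimit the SQL string literal.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")

def login_concat(db, username, password):
    # Vulnerable pattern: a quote in the input ends the literal early and the
    # rest of the input is parsed as SQL syntax.
    try:
        row = db.execute(build_concat_query(username, password)).fetchone()
    except sqlite3.Error as exc:
        return ("sql-error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)

def login_param(db, username, password):
    # Hardened pattern: the statement text is fixed; values are bound separately
    # and can never change its structure.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return ("ok", row[0]) if row else ("denied", None)

if __name__ == "__main__":
    db = make_db()
    print(build_concat_query("o'brien", "hunter2"))  # note the unbalanced quotes
    print(login_concat(db, "o'brien", "hunter2"))    # legitimate user hits an SQL error
    print(login_param(db, "o'brien", "hunter2"))     # same input, handled as data
```

The concatenated statement ends up with an odd number of quotes, so the database no longer sees the input as one string value; the bound version never re-parses the input as SQL.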