Please ask questions ONLY in this topic.

hmm

Post by cthulhu666 on Tue Apr 15, 2008 3:53 pm

I got to the list of accounts and have the guy's real login info but don't know where to go from here. helpzor :D


Re: Stuck

Post by wibadgers8 on Tue Apr 15, 2008 4:46 pm

Where do you inject the SQL, in the URL or in the Username: field? Any help would be appreciated!


Re: hmm

Post by novalyphe on Tue Apr 15, 2008 4:56 pm

Is there any way to make the site think you're someone you're not?


Re: Stuck

Post by Crystal_Bearer on Tue Apr 15, 2008 5:20 pm

This is pushing it. I'm hesitant to give this much, but these websites may be of some help. If you encounter a problem, the best way in these practice 'sites' is to try it and find out.

http://ocliteracy.com/techtips/sql-injection.html
http://www.securiteam.com/securityrevie ... 1P76E.html

-Both of these sites are on the first page of a Google search, and are readily available to anyone. It's usually easier and faster to just look it up sometimes.


Re: Stuck

Post by Nyteblade on Tue Apr 15, 2008 6:03 pm

wibadgers8 wrote: Where do you inject the SQL, in the URL or in the Username: field? Any help would be appreciated!


Try the 'Search' page.. hint hint


Re: Stuck

Post by wibadgers8 on Tue Apr 15, 2008 6:36 pm

Crystal_Bearer wrote:This is pushing it. I'm hesitant to give this much, but these websites may be of some help. If you encounter a problem, the best way in these practice 'sites' is to try it and find out.

http://ocliteracy.com/techtips/sql-injection.html
http://www.securiteam.com/securityrevie ... 1P76E.html

-Both of these sites are on the first page of a Google search, and are readily available to anyone. It's usually easier and faster to just look it up sometimes.


Thanks, I have been using those websites. I guess I should have rephrased my earlier question, because what I meant to ask about is why, whenever I try to enter the SQL injection, it always comes back with 'Username too long'.


Re: Stuck

Post by Nyteblade on Tue Apr 15, 2008 6:44 pm

OK... I've been able to list the accounts, found the required username and was able to transfer the $$. I used the GET method to clear the files (page came back saying 'files cleared').. not sure yet if that's what I needed to do to complete it. Still working on this mission :)


Re: Stuck

Post by Nyteblade on Tue Apr 15, 2008 6:47 pm

wibadgers8 wrote:
Crystal_Bearer wrote:This is pushing it. I'm hesitant to give this much, but these websites may be of some help. If you encounter a problem, the best way in these practice 'sites' is to try it and find out.

http://ocliteracy.com/techtips/sql-injection.html
http://www.securiteam.com/securityrevie ... 1P76E.html

-Both of these sites are on the first page of a Google search, and are readily available to anyone. It's usually easier and faster to just look it up sometimes.


Thanks, I have been using those websites. I guess I should have rephrased my earlier question, because what I meant to ask about is why, whenever I try to enter the SQL injection, it always comes back with 'Username too long'.


What's your injection statement look like? Take a closer look at 'http://ocliteracy.com/techtips/sql-injection.html' like Crystal gave you.


Re: Stuck

Post by wibadgers8 on Tue Apr 15, 2008 7:25 pm

I have tried a whole bunch of stuff related to
SELECT * FROM 'users' WHERE Username= "hunter"

and then changing a few of the variables to see what happens, and whenever I enter it I usually get 'Username is too long'.
I'm guessing that my syntax is wrong >.<


Re: Stuck

Post by Nyteblade on Tue Apr 15, 2008 7:31 pm

wibadgers8 wrote: I have tried a whole bunch of stuff related to
SELECT * FROM 'users' WHERE Username= "hunter"

and then changing a few of the variables to see what happens, and whenever I enter it I usually get 'Username is too long'.
I'm guessing that my syntax is wrong >.<


Have you gotten the list of all the users yet?