Think Very Carefully About What the SQL Commands are Doing

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Think Very Carefully About What the SQL Commands are Doing

Post by Crustin on Fri Jul 27, 2012 9:49 pm

So I have read through this entire board, and a whole slew of info on SQL. I am pretty new to this, so I don't know if I am just missing some basic knowledge. Would anyone be willing to PM me so I can tell them what I have figured out so far and get some feedback on what I am doing wrong?
Crustin


Re: Think Very Carefully About What the SQL Commands are Doing

Post by ecmchaos on Wed Oct 24, 2012 5:52 pm

I think some of the hints and links posted previously on this thread are helpful but skip a big part of it. Most of you at this point have already come to figure out the general commands you need, the table name, etc., but when you enter what would supposedly be right, you are met with a broken jpg. This is good. You're on the right track. Now go back to the website and observe the products.php?category=1 and products.php?category=2 pages. What are the similarities and differences between these two pages? We have at this point assumed the server is using SQL, so how are these two pages structured similarly? What could this say about the table we are trying to reveal? And finally, how can we use the commands, and in what syntax, to give the final result?

Use this link to read up on SQL if you haven't already and take a look at the null and union commands:
http://w3schools.com/sql/default.asp

P.S. When looking at tutorials and links such as this, don't think about entering it exactly as it appears. Learn the syntax and apply it to this mission.

Hope this helped.

P.P.S. If an admin could PM me with an explanation as to how and why we know to use xxxxx...n***, *, ...etc.
I understand it in an abstract way but I'd like to know how to put it into words.
ecmchaos


Re: Think Very Carefully About What the SQL Commands are Doing

Post by taxvi on Thu Feb 28, 2013 6:14 pm

Completed

My Informative note:
In SQL you use ORDER BY { column_name | column_number }. I wanna point out that ORDER BY column_number is scarcely mentioned in Google search results. But what it does is pretty self-explanatory: ORDER BY 1 will order results by the first column ascending; ORDER BY 2 will do so by the second; etc...

Now you figure out how you can use it.
taxvi


Re: Think Very Carefully About What the SQL Commands are Doing

Post by f1r3fly_s3r3n1ty on Mon Mar 11, 2013 1:19 am

Beginner1001 wrote: UNION ALL SELECT * FROM email;
Can someone please PM me and tell me what's wrong with this solution? I don't seem to be on the right track, but I dunno why. I've been trying this now for 3 days, but I can't figure out the right way of injecting without looking at solutions. :(


This is one of the first queries that I tried and I'm also wondering why it doesn't work... Can anyone chime in on whether this query would work (with a real database), knowing the final solution? Or do you "win" when the application sees the "correct" string...?

taxvi wrote: Completed

My Informative note:
In SQL you use ORDER BY { column_name | column_number }. I wanna point out that ORDER BY column_number is scarcely mentioned in Google search results. But what it does is pretty self-explanatory: ORDER BY 1 will order results by the first column ascending; ORDER BY 2 will do so by the second; etc...

Now you figure out how you can use it.


As previously stated:

Defience wrote: You do not need the column names to use the 'order by' command; you are trying to determine how many columns there are. What would be the logical thing to use to determine that? Then:
Defience wrote: ...increment until it 'falls off'.


Also, I just wanted to mention that an asterisk is not needed in the solution. You can easily infer what the column name is...
f1r3fly_s3r3n1ty

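Added example, not part of any post in this thread: a defender's view of the behaviour discussed above, using a constructed in-memory SQLite database whose table and column names are assumptions. It shows how a handler that concatenates the `category` parameter reacts to an out-of-range `ORDER BY` ordinal and to a `UNION` whose column count does not match, and how a handler that validates and binds the parameter treats the same inputs.

```python
import re
import sqlite3

def make_db():
    """Constructed stand-in schema; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, image TEXT, price REAL, category INTEGER);
        CREATE TABLE email (email TEXT);
        INSERT INTO products VALUES ('Coat', 'coat.jpg', 900.0, 1),
                                    ('Boots', 'boots.jpg', 250.0, 2);
        INSERT INTO email VALUES ('alice@example.com'), ('bob@example.com');
    """)
    return db

def vulnerable(db, category):
    """Concatenates the request parameter into the SQL text (the flaw)."""
    sql = ("SELECT name, image, price, category FROM products "
           "WHERE category = " + category)
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # The database refuses the statement, e.g. on a column-count mismatch.
        return ("error", str(exc))

def hardened(db, category):
    """Allow-lists the parameter as a small integer, then binds it."""
    if not re.fullmatch(r"[0-9]{1,6}", category):
        return ("rejected", [])
    sql = ("SELECT name, image, price, category FROM products "
           "WHERE category = ?")
    return ("ok", db.execute(sql, (int(category),)).fetchall())

# Constructed inputs mirroring the strings discussed in the thread.
SAMPLES = [
    "1",
    "1 ORDER BY 4",   # ordinal within the four selected columns
    "1 ORDER BY 5",   # ordinal past the last column
    "1 UNION ALL SELECT * FROM email",   # 4 columns vs 1 column
    "1 UNION ALL SELECT NULL, NULL, NULL, email FROM email",
]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(repr(value), vulnerable(db, value)[0], hardened(db, value)[0])
```

Against a real database engine the unpadded `UNION ALL SELECT *` fails because both sides of a `UNION` must return the same number of columns; the hardened handler never lets any of these strings reach the SQL parser.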

Re: Think Very Carefully About What the SQL Commands are Doing

Post by 5ilic0n on Sun Apr 07, 2013 12:41 am

Well, I just finished this one, but my approach was semi-random.

I think that there are still some things that I'm not understanding... If anyone wouldn't mind PM'ing me and answering a few questions I have, then that would be great.

Thanks! :)
5ilic0n


Re: Think Very Carefully About What the SQL Commands are Doing

Post by chknt4c0 on Thu Apr 18, 2013 7:50 pm

This has been requested a couple of times before, but can someone PM me with a quick explanation of why you can't put the wildcard (*) before the nulls? I am having trouble grasping that part. Thank you for your kindness if you do :)
chknt4c0


Re: Think Very Carefully About What the SQL Commands are Doing

Post by 5ilic0n on Thu Apr 25, 2013 2:40 pm

I've learned a lot since my last post on this.

I think some people are misunderstanding some of the syntax used to complete this mission. Don't get locked into the idea that there is only one way :) . I think I've actually found four or five ways to get the emails.
5ilic0n


Re: Think Very Carefully About What the SQL Commands are Doing

Post by ninjafog on Tue May 07, 2013 4:58 am

I've managed to get all the emails, the problem I'm having is not knowing how to send the emails to that savethewales guy. I tried sending him all the emails in a comment on his profile but that didn't work. I then tried to just PM him the emails, but for some reason I'm not authorized to send PM's to anyone. I'm really confused and would greatly appreciate some clarification.


EDIT: Apparently I'm authorized to send PM's now, guess I just needed a few forum posts for that. I'm still not sure how to send the emails to savethewales since he doesn't exist as a user on the forums. I know that the mission says to "reply to this message" but I'm not sure how to "reply" to a mission prompt :cry:


SUPER EDIT: NVM, I FIGURED IT OUT!!!! Now I feel dumb..... :oops:
ninjafog


Re: Think Very Carefully About What the SQL Commands are Doing

Post by daemonlag on Wed Jun 12, 2013 10:46 pm

GOOD DAY,

I don't know if I'm doing it wrong, but when I am doing the SQL injection, all I see is a broken .jpg image, no error messages.
daemonlag


My pies...

Post by uXa on Wed Jul 31, 2013 6:35 pm

This was easy... I could've finished this in half a day. Instead I spent a day working on this, and my only mistake was putting a question mark after the link... (category=1? [SQL string goes here]). I got mad and googled the way out. My lines were correct; it's only the retarded question mark...
uXa

