Think Very Carefully About What the SQL Commands are Doing

[Crustin]

So I have read through this entire board, and a whole slew of info on SQL. I am pretty new to this, so I don't know if I am just missing some basic knowledge. Would anyone be willing to PM me so I can tell them what I have figured out so far and get some feedback on what I am doing wrong?

[ecmchaos]

I think some of the hints and links posted previously on this thread are helpful but skip a big part of it. Most of you already at this point have to come to figure out the general commands you need, the table name, etc. but when entered, what would supposedly be right, you are met with a broken jpg. This is good. You're on the right track. Now go back to the website and observe products.php?category=1 and products.php?category=2 pages. What are the similarities and differences between these two pages? We have at this point assumed the server is using sql so how are these two pages structure similar? What could this say about the table we are trying to reveal? and finally how can we use the commands and in what syntax to give the final result?

Use this link to read up on sql if you haven't already and take a look at the null and union commands:
http://w3schools.com/sql/default.asp

P.S. when looking at tutorials and links such as this don't think about entering it exactly as it appears. Learn the syntax and apply it to this mission.

Hope this helped.

P.P.S. If an admin could PM me with an explanation as to how and why we know to use xxxxx...n***, *, ...etc.
I understand it in an abstract way but I'd like to know how to put it into words.

[taxvi]

Completed

My Informative note:
In SQL you use ORDER BY { column_name | column_number }. I wanna point out that ORDER BY column_number is scarcely mentioned in google search results. But what it does is pretty self-explanatory: ORDER BY 1 will order results by first column ascending; ORDER BY 2 will do by second; etc...

now you figure it out how you can use it.

[f1r3fly_s3r3n1ty]

UNION ALL SELECT * FROM email;
can someone please pm me, and tell me whats wrong with this solution. I don't seem to be on the right track, but i dunno why. i've been trying this now for 3 days, but i can't figure out the right way of injecting, without looking at solutions.

This is one of the first queries that I tried and I'm also wondering why it doesn't work...can anyone chime in on if this query would work (with a real database), knowing the final solution. Or do you "win" when the application sees the "correct" string...?

Completed

My Informative note:
In SQL you use ORDER BY { column_name | column_number }. I wanna point out that ORDER BY column_number is scarcely mentioned in google search results. But what it does is pretty self-explanatory: ORDER BY 1 will order results by first column ascending; ORDER BY 2 will do by second; etc...

now you figure it out how you can use it.

As previously stated:

You do not need the column names to use the 'order by' command, you are trying to determine how many columns there are. What would be the logical thing to use to to determine that? Then:

...increment until it 'falls off'.

Also, I just wanted to mention that an asterisk is not needed in the solution. You can easily infer what the column name is...

[5ilic0n]

Well, I just finished this one, but my approach was semi-random.

I think that there are still some things that I'm not understanding..If anyone wouldn't mind pm'ing me and answering a few questions I have then that would be great.

Thanks!

[chknt4c0]

This has been requested a couple of times before but can someone pm me with a quick explanation why you cant put the wildcard(*) before the nulls. I am having trouble grasping that part. Thank you for you kindness if you do:)

[5ilic0n]

I've learned a lot since my last post on this.

I think some people are misunderstanding some of the syntax used to complete this mission. Don't get locked into the idea that there is only one way . I think I've actually found four or five ways to get the emails.

[ninjafog]

I've managed to get all the emails, the problem I'm having is not knowing how to send the emails to that savethewales guy. I tried sending him all the emails in a comment on his profile but that didn't work. I then tried to just PM him the emails, but for some reason I'm not authorized to send PM's to anyone. I'm really confused and would greatly appreciate some clarification.


EDIT: Apparently I'm authorized to send PM's now, guess I just needed a few forum posts for that. I'm still not sure how to send the emails to savethewales since he doesn't exist as a user on the forums. I know that the mission says to "reply to this message" but I'm not sure how to "reply" to a mission prompt


SUPER EDIT: NVM, I FIGURED IT OUT!!!! Now I feel dumb.....

[daemonlag]

GOO DAY,

i don't know if i'm doing it wrong but when i am doing the sql injection, all i see was a broken .jpg image, no error messages.