Think Very Carefully About What the SQL Commands are Doing

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Think Very Carefully About What the SQL Commands are Doing

Post by bandchicky314 on Mon Mar 21, 2011 8:28 pm

Another question, how difficult are the books to understand? I'm not very bright so I can't pick stuff up from very difficult books.
bandchicky314


Re: Think Very Carefully About What the SQL Commands are Doing

Post by OnlyHuman on Tue Mar 22, 2011 9:16 pm

The first book is incredibly easy to follow. It's designed to teach the very basics of running, and developing for, a LAMP server. The second is designed for actual database hacking, and is far from introductory material. So, you'll still need a source for SQL injections. I have yet to find a single, specific source that covers it with the attention it deserves. Though there are a vast number of whitepapers on the subject. Some covering it better than others. Next time you search, try appending that term ("whitepapers") to your search. You can find higher quality material that way.
OnlyHuman


Re: Think Very Carefully About What the SQL Commands are Doing

Post by taipan on Thu Mar 31, 2011 6:29 pm

Everything is very clear but this one: why does "union all" work but only "union" not? When I read the difference it says duplicated values are allowed in "union all". And that's all. So in theory (and also my experience showed me) union has to be OK too. So why is it not working? Any meaningful explanation?
taipan


Re: Think Very Carefully About What the SQL Commands are Doing

Post by OnlyHuman on Fri Apr 01, 2011 3:44 am

taipan wrote: Everything is very clear but this one: why does "union all" work but only "union" not? When I read the difference it says duplicated values are allowed in "union all". And that's all. So in theory (and also my experience showed me) union has to be OK too. So why is it not working? Any meaningful explanation?


The duplicate data thing is pretty much irrelevant in this case, as it will be with most SQL injections. Instead, this has to do with mixing data types. UNION has another built in structure, that ensures all data it returns is of the same type. UNION ALL, on the other hand, will return all of the elements it finds in the row, ignoring both duplicates and type. In this case, you were mixing data types between the two tables, so UNION ALL was needed.

If it's easier, try thinking of it as a UNION of two sets mathematically. Let's say you wanted to perform some unions on these two sets:

    Sa = { 0, 2, 5, 8, 9 }
    Sb = { 0.8, 3, 5, 7.2, 10 }

If you wanted to ensure that the result of a union would not disrupt the structure of either set, you would use UNION.

    Sa UNION Sb = { 0, 2, 3, 5, 8, 9, 10 }

But, if you wanted to perform a pure union of these two sets, resulting in exactly the contents of both, you would use UNION ALL.

    Sa UNION ALL Sb = { 0, 0.8, 2, 3, 5, 5, 7.2, 8, 9, 10 }

That sort of bastardizes the mathematics aspect of it, but hopefully serves to illustrate what's actually happening. You could replace [0.8, 7.2] in the above with [email-address-1, email-address-2] and the UNION ALL operation would still place them in the resultant set.

Hope that makes sense.
OnlyHuman
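
As an added example (not part of any post in this thread), the Python script below runs UNION and UNION ALL against an in-memory SQLite database to show what each operator returns, the equal-column-count rule, and how a bound parameter keeps user input out of the SQL text. The table names, column names and rows are constructed for illustration, and SQLite's type handling may differ from the database behind the mission.

```python
import sqlite3

def make_db():
    # Constructed sample data, not the mission's schema.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT, price REAL);
        CREATE TABLE subscribers(email TEXT);
        INSERT INTO products VALUES (1, 'belt', 5.0), (2, 'wallet', 5.0);
        INSERT INTO subscribers VALUES
            ('a@example.test'), ('a@example.test'), ('b@example.test');
    """)
    return db

def combine(db, op):
    # op is "UNION" or "UNION ALL"; a numeric column is joined to a text column.
    sql = f"SELECT price FROM products {op} SELECT email FROM subscribers"
    return [row[0] for row in db.execute(sql)]

def column_count_error(db):
    # Both sides of UNION / UNION ALL must return the same number of columns.
    try:
        db.execute("SELECT id, name, price FROM products "
                   "UNION ALL SELECT email FROM subscribers")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def padded(db):
    # NULL placeholders bring the right-hand side up to three columns.
    sql = ("SELECT id, name, price FROM products "
           "UNION ALL SELECT NULL, email, NULL FROM subscribers")
    return db.execute(sql).fetchall()

def bound_lookup(db, name):
    # Bound parameter: the input is compared as one string, never parsed as SQL.
    return db.execute("SELECT id, name, price FROM products WHERE name = ?",
                      (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("UNION     :", combine(db, "UNION"))
    print("UNION ALL :", combine(db, "UNION ALL"))
    print("mismatch  :", column_count_error(db))
    print("padded    :", padded(db))
    crafted = "belt' UNION ALL SELECT NULL, email, NULL FROM subscribers --"
    print("bound     :", bound_lookup(db, crafted))
```
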


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Blueteeth711 on Sat Apr 23, 2011 12:56 am

I understand most of what I did this mission, except the part with the *. At first I had the * for the first column followed by three nulls and that didn't work. Why do you get the emails when you put the * in the second and third columns?
Blueteeth711


Re: Think Very Carefully About What the SQL Commands are Doing

Post by AllByte on Sat May 07, 2011 11:55 am

Haha 'FAP'

things might get a little 'sticky'
AllByte


Stuck

Post by carlosale214 on Sat May 28, 2011 12:12 pm

Okay, so I understand that I have to use SQL injection and that SELECT * FROM is needed, but when I try to search the name of the table it gives me the invalid email message. Do I have to somehow comment out code before the "SELECT" with -- or anything similar?

-- Sat May 28, 2011 12:24 pm --

So I have the emails now but I don't know what to do with them?
carlosale214


Re: Think Very Carefully About What the SQL Commands are Doing

Post by mutantsrus on Tue May 31, 2011 10:21 am

You have to send them to the user that wanted them.
mutantsrus


Re: Think Very Carefully About What the SQL Commands are Doing

Post by XxBryce10xX on Wed Aug 10, 2011 3:56 pm

Hi guys, I can get to the broken image page no problem. Then I have come to the conclusion I need to do a *rd** b* injection, but I just can't figure out the right code and where to place it in the u**. If someone could please comment or PM, it would be greatly appreciated.
XxBryce10xX


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Xiv on Sun Aug 21, 2011 11:28 am

I have the problem that I can't send a private message to SaveTheWales O.o
Whenever I click the link to the message center, there is only "Private messaging is locked".
I can edit the properties, but I can't type a message :(

pls help guys
Xiv

