Think Very Carefully About What the SQL Commands are Doing

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Think Very Carefully About What the SQL Commands are Doing

Post by mShred on Sun Aug 21, 2011 1:20 pm

Xiv wrote: I have the problem that I can't send a private message to SaveTheWales O.o
Whenever I click the link to the message center, there is only "Private messaging is locked".
I can edit the properties, but I can't type a message :(

pls help guys

Don't use the forum PMing system, use the main site messaging center or whatever it is.

For those about to rock.
mShred


Re: Think Very Carefully About What the SQL Commands are Doing

Post by fashizzlepop on Sun Aug 21, 2011 5:28 pm

mShred wrote: Don't use the forum PMing system, use the main site messaging center or whatever it is.

Is it just me, or is that common sense? :?
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
fashizzlepop


Re: Think Very Carefully About What the SQL Commands are Doing

Post by mShred on Sun Aug 21, 2011 6:03 pm

fashizzlepop wrote:
mShred wrote: Don't use the forum PMing system, use the main site messaging center or whatever it is.

Is it just me, or is that common sense? :?

Sometimes I begin to wonder..

For those about to rock.
mShred


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Gee4rce on Thu Sep 22, 2011 6:12 am

I'M REALLY FUCKED NOW!!!! F*CK F*CK F*CK I'm mad at this mission >:[

I'm in the cat***** section and when I type:

-> pr****.php?.....=' SE*** * FR*** e***l;
....then nothing happens - blank page!
else
-> pr****.php?.....= SE*** * FR*** e***l;
.... I get a blank page again, but this time with a broken image - viewing the source of that blank html with a broken img does not bring me any further!

What's wrong here?
And what is everybody talking about null'z and unions?
There's only this one Command needed, isn't it so? : SE*** * FR*** e***l;
Gee4rce


Re: Think Very Carefully About What the SQL Commands are Doing

Post by mShred on Thu Sep 22, 2011 9:23 am

If that command was the only one needed, then you probably would have passed the mission, isn't it so? My advice. Calm the hell down. And look into union all SQL Injection.

For those about to rock.
mShred


Re: Think Very Carefully About What the SQL Commands are Doing

Post by deadonce on Sat Sep 24, 2011 10:49 am

So, in order to solve this mission, we have to union two tables. We can get the number of columns for the first table with "ORDER BY".

My question is, how do we get the second table's number of columns? Since it is not initially loaded on the u**, we can't really use the "ORDER BY" command to tell, can we?
For example, it is easy to guess that the e**** table has only 1 column, but in reality, it may have many many columns. How will we know how many?

Trial and error with nulls can be tedious for larger tables, especially if the first table has the first or so columns as int instead of string, and we have to put it as "null, *, (so many null,s)" in order to read the string values.

Any suggestions for a more elegant solution?
deadonce


Re: Think Very Carefully About What the SQL Commands are Doing

Post by mShred on Sun Sep 25, 2011 3:21 pm

deadonce wrote: So, in order to solve this mission, we have to union two tables. We can get the number of columns for the first table with "ORDER BY".

My question is, how do we get the second table's number of columns? Since it is not initially loaded on the u**, we can't really use the "ORDER BY" command to tell, can we?
For example, it is easy to guess that the e**** table has only 1 column, but in reality, it may have many many columns. How will we know how many?

Trial and error with nulls can be tedious for larger tables, especially if the first table has the first or so columns as int instead of string, and we have to put it as "null, *, (so many null,s)" in order to read the string values.

Any suggestions for a more elegant solution?

That's the beauty of it. Enumeration is a bitch. It's all about blackbox testing. Many people use or write programs to do it for them, but even the programs have to use the trial and error methods.

For those about to rock.
mShred


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Atauzeromind on Mon Mar 19, 2012 5:59 pm

So... is null a dummy just for testing, and then after null, *, you have to put as many nulls as there are columns?
Atauzeromind


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Learning_Noob on Mon Apr 16, 2012 1:19 am

This is input to other readers as well as feedback to the manager(s) of this mission:

To those doing Realistic 4 -
Follow what has been said here page for page; members have explained enough in the first 4 pages for someone with no experience in SQL Inj (ME) to understand what to input and where to do so to get results.

To manager(s) -
The email system is very vague to new users; I still haven't figured out how to reply to a msg from a user who has a hidden email. Maybe I'm not searching in the right place; I'm trying to keep this constructive - someone asking for this type of help would normally leave a way to get in touch, if that's what they wanted? I guess I'm saying it seems like there would be a direct address posted or maybe a link to reply on the mission page. Then again, that encourages us to be lazy which is counter-productive.
Learning_Noob
New User
New User
 
Posts: 2
Joined: Sun Apr 15, 2012 8:30 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by imthebest69 on Tue May 08, 2012 4:54 am

I've completed this mission, however.
Since there are fewer columns in the products table than in the target table, why do I have to use one additional null than required? Can anyone PM me.
imthebest69
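
An added example, not part of the thread and not the mission's code: the posts above keep returning to how many nulls a UNION needs, so this runs the rule against a constructed in-memory SQLite schema (the table and column names `items` and `subscribers` and all rows are assumptions). Both arms of a UNION must return as many result columns as the first SELECT's column list, whatever the tables themselves contain, and binding the parameter stops the appended SQL from being parsed at all.

```python
import sqlite3

def make_db():
    # Constructed schema and rows; names are assumptions, not the mission's tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id INTEGER, name TEXT, price REAL, category INTEGER);
        CREATE TABLE subscribers (address TEXT);
        INSERT INTO items VALUES (1, 'belt', 40.0, 1), (2, 'wallet', 25.0, 2);
        INSERT INTO subscribers VALUES ('a@example.test'), ('b@example.test');
    """)
    return db

def list_items_vulnerable(db, category):
    # Weak form: the request parameter is pasted into the SQL text,
    # so everything after the number is parsed as SQL.
    sql = "SELECT id, name, price FROM items WHERE category = " + category
    return db.execute(sql).fetchall()

def list_items_safe(db, category):
    # Hardened form: reject non-integers, then bind the value as a parameter.
    # The value can no longer change the shape of the statement.
    try:
        cat = int(category)
    except ValueError:
        return []
    sql = "SELECT id, name, price FROM items WHERE category = ?"
    return db.execute(sql, (cat,)).fetchall()

def union_outcome(db, category):
    # Run the weak query and report either its rows or the database error.
    try:
        return ("rows", list_items_vulnerable(db, category))
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for value in ("1",
                  # 1 column against a 3-column left arm: the database refuses it.
                  "1 UNION ALL SELECT address FROM subscribers",
                  # Padded to 3 columns (the left arm's count, not the table's).
                  "1 UNION ALL SELECT NULL, address, NULL FROM subscribers"):
        print(repr(value))
        print("  vulnerable:", union_outcome(db, value))
        print("  hardened:  ", list_items_safe(db, value))
```

The `items` table has four columns, but the padding count is three because the application's SELECT lists three; that difference is why counting a table's columns gives the wrong number of nulls.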

