Please ask questions ONLY in this topic.

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Please ask questions ONLY in this topic.

Post by jkflash on Fri Dec 10, 2010 11:28 am

I figured this mission out with the help from all the comments.

I understand how and why to find the number of table-columns and where and why to add the NULLs.

The thing I still do not really understand is the difference between UNION and UNION ALL, or to say it in other words: I do not really understand why UNION (without ALL) does not work here.
If anyone who fully understands this mission could perhaps send me a pm about what the difference is in this case, I would very much appreciate it. Good examples for UNION/UNION ALL are welcome, too, as I didn't find anything really understandable for me.

Edit:
I tried to send the eMail results to SaveTheWhales, but when I try to send a message in my message-center, it says "You are not authorised to send private messages.", what do I have to do? :( It says here that messaging is locked for my account, and I cannot receive pms :-/
Last edited by jkflash on Sat Dec 11, 2010 5:13 am, edited 1 time in total.


Re: Please ask questions ONLY in this topic.

Post by tomd966 on Fri Dec 10, 2010 2:29 pm

I am so confused!!
I've spent ages on this challenge and reading this forum, but I don't get it :(
I know I've got to SQL inject, and I think I know where, and I think I know how.
But I keep on getting a broken image and I don't understand what I do. I assume my syntax is wrong, but I have no idea where it is wrong :(
Any help would be appreciated.
I'm currently entering:
......../realisic/4/p*******.php?name= s***** * from p******* U**** A** s***** e****, n***, n***, n*** from e****
Any help would be appreciated.


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Tue Dec 14, 2010 3:47 am

tomd966 wrote:......../realisic/4/p*******.php?name= s***** * from p******* U**** A** s***** e****, n***, n***, n*** from e****

You're missing a critical bit in the beginning. Also, try to simplify it.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: Please ask questions ONLY in this topic.

Post by cissou on Fri Dec 17, 2010 2:22 pm

THE PRIVATE MESSAGE FUNCTIONALITY SEEMS TO BE DOWN, AND NOT ONLY FOR ME !


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Fri Dec 17, 2010 4:18 pm

cissou wrote:THE PRIVATE MESSAGE FUNCTIONALITY SEEMS TO BE DOWN, AND NOT ONLY FOR ME !

DON'T TYPE IN ALL CAPS!!! It's annoying, to say the least.

You can't PM until a certain number of posts.


Re: Please ask questions ONLY in this topic.

Post by jkflash on Sat Dec 18, 2010 12:51 pm

fashizzlepop wrote:You can't PM until a certain number of posts.


oh man.. in this case I have to try again later.. thx anyway

jkflash wrote:The thing I still do not really understand is the difference between UNION and UNION ALL, or to say it in other words: I do not really understand why UNION (without ALL) does not work here.
If anyone who fully understands this mission could perhaps send me a pm about what the difference is in this case, I would very much appreciate it. Good examples for UNION/UNION ALL are welcome, too, as I didn't find anything really understandable for me.

still not really understanding this, though


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Sun Dec 19, 2010 3:33 am

To msg SaveTheWhales you use the main site's message system.


Re: Please ask questions ONLY in this topic.

Post by Azkrath on Fri Dec 24, 2010 11:58 am

I already completed this challenge. I did an SQL injection, but instead of using the "N**L" value for table-columns I just used 4 times " * " and it worked (sorry if this is considered a spoiler; if it is I'll remove it). What I don't understand is 2 things:
First, why 4 and not 3 or 2? I know they have to have the same number of columns, but how do we find it is 4?
Second, was it intended to do it with 4 " * " or I just bypassed something being clever?

Can anyone PM me with the answers of this? (since posting them on topic might be considered spoilers). Thank You
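
The UNION / UNION ALL question from jkflash and the column-count and four-`*` questions from Azkrath come down to general SQL set-operation rules, shown here in an added example that is not part of any post in this thread or of the mission's code. It uses SQLite with constructed data (the `products` and `contacts` tables and all their columns are assumptions), illustrates only the general semantics rather than the mission's own behaviour, and ends with a bound-parameter lookup that treats such input as data.

```python
import sqlite3

def make_db():
    # Constructed sample data; every table and column name here is an assumption.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL, category INTEGER);
        INSERT INTO products VALUES (1,'belt',20.0,1), (2,'wallet',35.0,1), (3,'gloves',50.0,2);
        CREATE TABLE contacts (email TEXT);
        INSERT INTO contacts VALUES ('a@example.test'), ('a@example.test'), ('b@example.test');
    """)
    return db

def combine(db, keyword):
    # keyword is "UNION" or "UNION ALL". The one-column SELECT is padded with
    # NULLs because both sides must return the same number of columns.
    sql = ("SELECT id, name, price, category FROM products WHERE category = 1 "
           + keyword + " SELECT email, NULL, NULL, NULL FROM contacts")
    return db.execute(sql).fetchall()

def mismatch_error(db):
    # Four columns on the left, one on the right: the engine rejects the statement.
    try:
        db.execute("SELECT * FROM products UNION ALL SELECT email FROM contacts")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def star_width(db):
    # Each * expands to every column of the table, so four stars over a
    # one-column table also produce four result columns.
    return len(db.execute("SELECT *, *, *, * FROM contacts").description)

def by_category(db, category):
    # Hardened lookup: the value is bound as data and never parsed as SQL.
    return db.execute(
        "SELECT id, name, price, category FROM products WHERE category = ?",
        (category,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(len(combine(db, "UNION")), len(combine(db, "UNION ALL")))
    print(mismatch_error(db))
    print(star_width(db))
    print(by_category(db, "1 UNION ALL SELECT email, NULL, NULL, NULL FROM contacts"))
```

UNION removes duplicate rows from the combined result (NULLs count as equal for that purpose), so the three contact rows collapse to two, while UNION ALL returns every row from both sides.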


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Fri Dec 24, 2010 7:52 pm

There are other injections that let you find the number of tables. As for the *, I'm not sure.


Re: Please ask questions ONLY in this topic.

Post by python32 on Sat Dec 25, 2010 12:28 pm

Hi, I have been trying all day. I am new to SQL injection; I know some of the commands and how to enter them, but I keep getting broken images, and when I check the source there's nothing there. I have managed to get all the products on one page with the UNION ALL, but when I try to get MySQL version or try to get table or column information I get broken images.
This is the script I'm trying; please delete this if it is a spoiler!!

http://www.hackthissite.org/missions/re ... category=2 u***** a** s***** *,t****_n***,*,* f*** information_schema.t*****--

Where am I going wrong?
Last edited by python32 on Sun Dec 26, 2010 7:58 am, edited 1 time in total.