Please ask questions ONLY in this topic.

[conscience]

I just dont understand how the email one works. Does it work like a table and the first column is just an integer that goes up by int+1. Where the second row is the email address is that correct?

Well, if I got your question right, then yes. We'll have something like

Code: Select all

ID  email
1   john@exampleDOTcom
2   mary@exampleDOTnet
3   iamthethirduser@trollDOTorg
4   etc@hackthissiteDOTorg

in this case, let's suppose id is an unsigned int and email is a string (VARCHAR(255)) for example.
also assume that we have another table:

Code: Select all

email                             name
john@exampleDOTcom             John Doe
iamthethirduser@trollDOTorg    Fuckin' Idiot
mary@exampleDOTnet              Mary Poppins
etc@hackthissiteDOTorg           Every Body

(sorry about DOTting, the parser complained about 'URLs')

In this case, for example, if you say SELECT * FROM email WHERE ID=2 UNION SELECT name FROM names WHERE email='etc@hackthissite.org' the query will not execute because the number of columns do not match.
Also, if you "select *" from both tables, the query will still fail due to the coulmn types (UNSIGNED INT vs. String) being different.

if you say SELECT * FROM email WHERE ID=2 UNION SELECT 0,name FROM names WHERE email='etc@hackthissite.org'
your query will execute and you'll get 2 rows:

Code: Select all

2   mary@example.net
0   Every Body

Keeping in mind that the query won't execute if the number of columns don't match, the number of columns can be found out easily by giving the appropriate garbage to the database. this way the website will display error/not display stuff if the columns count is wrong, otherwise, you'll see your garbage besides the normal result of your select.

I really hope my post is not spoilish...

[tyzoid]

I got the list of emails, but when I go to pm the person (savethewales i believe) it says

Code: Select all

You are not authorised to send private messages.


[mShred]

I got the list of emails, but when I go to pm the person (savethewales i believe) it says

Code: Select all

You are not authorised to send private messages.


Don't use the forums PMing system. Use the main site's.

[icywing]

ahh finally got it

[xhacker99x]

how do i get the list of emails/

[mShred]

how do i get the list of emails/

Ya go here.. and do a duh hackity hackity.
But seriously we won't spoon feed you. Try reading through this thread.

[AtomicSyntax]

How or where do I send the list of e-mails to? When I try to send them through a Private Message, I get an error telling me that Private Messaging is not enabled. Help!!!

[mShred]

How or where do I send the list of e-mails to? When I try to send them through a Private Message, I get an error telling me that Private Messaging is not enabled. Help!!!

Mother..

Don't use the forums PMing system. Use the main site's.

[Gorflow]

I searched through many pages of this thread but couldn't find a lot of useful information. I think there is a big jump here from the other missions. I know the table name, but the syntax and placement of the SQL injection are very confusing, despite online resources.

[Defience]

I searched through many pages of this thread but couldn't find a lot of useful information. I think there is a big jump here from the other missions. I know the table name, but the syntax and placement of the SQL injection are very confusing, despite online resources.

There's a way to find out how many columns there are as well. Try to find some information on that, it should help.