Please ask questions ONLY in this topic.

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Please ask questions ONLY in this topic.

Post by rbino on Wed Nov 16, 2011 2:10 pm

Hi to everybody! This is my first post here! :D
I've successfully completed the challenge with a little bit of guessing in the SQL part, but now I'm curious to understand...
Why "the thing" (I won't spoiler :) ) without ALL doesn't work? AFAIK "ALL" only tells SQL not to remove duplicates, but I can't understand how there can be duplicates if the two tables represent totally different things.
Could someone explain this to me?
Thanks in advance!


Re: Please ask questions ONLY in this topic.

Post by cracksman on Sun Nov 20, 2011 11:00 pm

I have the email list but I can't PM the user. If I click on "private message" (under skin chooser) I get redirected to sign up here on the forums, and I can't find "him" here either. What do I do?


Re: Please ask questions ONLY in this topic.

Post by mShred on Mon Nov 21, 2011 12:01 am

cracksman wrote: I have the email list but I can't PM the user. If I click on "private message" (under skin chooser) I get redirected to sign up here on the forums, and I can't find "him" here either. What do I do?

Use the main site's messaging system. Not the forums PMing system.

For those about to rock.


Re: Please ask questions ONLY in this topic.

Post by cracksman on Mon Nov 21, 2011 12:45 am

Yes, the "private message" link, on the main site, redirects me to sign up on the forums. http://i.imgur.com/ZigXz.png


Re: Please ask questions ONLY in this topic.

Post by conscience on Mon Nov 21, 2011 1:27 pm

Shred meant the HTS Messages Center, dude. ;)
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by RustyNailgun on Fri Feb 17, 2012 6:54 pm

So I have researched SQLi quite a bit recently in order to achieve this challenge. I have checked many of the pages Google (and several YouTube videos) provided, but am still unable to do this. As well, I have completed the w3schools.com tutorial on SQL (if that means anything). However, when I try to apply these to the page and find the viewable databases after finding the number of said databases, I am only presented with a list of broken link pictures, not numbers. Is there a particular site that explains the syntax/location/etc. in greater clarity or detail, or am I missing something?


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Feb 18, 2012 5:21 am

RustyNailgun wrote: So I have researched SQLi quite a bit recently in order to achieve this challenge. I have checked many of the pages Google (and several YouTube videos) provided, but am still unable to do this. As well, I have completed the w3schools.com tutorial on SQL (if that means anything). However, when I try to apply these to the page and find the viewable databases after finding the number of said databases, I am only presented with a list of broken link pictures, not numbers. Is there a particular site that explains the syntax/location/etc. in greater clarity or detail, or am I missing something?

And why are those images 'broken', huh? Do you know how the <img> tag works?
For greater detail, check the official MySQL docs.


Re: Please ask questions ONLY in this topic.

Post by strongard on Mon Feb 20, 2012 11:11 pm

I am not here for the solution or to be spoonfed. I want to learn, and after reading the forum many times and using Google I could not find the answer to two questions. I will post them now in the hope of getting some explanation.

1) When I made the SQL injection I found two numbers with a photo (which of course represent the vulnerable columns), and when I replace them with the syntax to find the SQL database A BLANK PAGE COMES WITH A BROKEN VERY SMALL PHOTO. I am supposed to get other things, not a blank page with a broken image. So, I found the two vulnerable numbers, so WHY, ALTHOUGH I PUT THE CORRECT SYNTAX IN PLACE OF THE VULNERABLE NUMBER, DOES NOTHING HAPPEN AND IT TAKES ME TO A BLANK PAGE WITH A BROKEN LINK???

2) I tried another type of injection. I tried the SQL select from where like that '


and when I press the button the page loads and I get all the images of products together on the same page.
WHY DO I NOT GET THE EMAIL TABLE????

Can I have an answer to these two questions?
I HOPE SO
I NEED HELP WITH THESE TWO QUESTIONS
Last edited by strongard on Wed Feb 22, 2012 12:48 am, edited 1 time in total.


Re: Please ask questions ONLY in this topic.

Post by conscience on Tue Feb 21, 2012 3:06 pm

Uhm... Edit it. Very spoilish :D

MySQL + PHP won't accept two queries in one request.
Also, what is retrieved from a database is not necessarily displayed as text. It can be used as any kind of data, such as a boolean setting for JavaScript, a background color, an image URL, a cookie value, etc.
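The two points in the reply above, as an added example that is not part of the original thread or of the challenge site: a page that turns a query column into an <img> src, with the concatenated query beside a parameterized one. Python's sqlite3 stands in for the PHP + MySQL stack, and the table, column and function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from html import escape

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, category INTEGER, image TEXT);
        INSERT INTO products VALUES (1, 1, 'coat.jpg'), (2, 1, 'hat.jpg'),
                                    (3, 2, 'belt.jpg');
    """)
    return db

def render(rows):
    # The column value is never shown as text: it becomes an <img> src, so
    # any value that is not a real file name shows up as a broken image.
    return [f'<img src="/images/{escape(image, quote=True)}">'
            for (image,) in rows]

def page_vulnerable(db, category):
    # Weak form: the request parameter is pasted into the SQL text, so it
    # can change the structure of the WHERE clause.
    sql = "SELECT image FROM products WHERE category = " + category
    return render(db.execute(sql).fetchall())

def page_hardened(db, category):
    # Corrected form: validate the type, then bind the value as a parameter
    # so it is only ever compared as data.
    if not (category.isascii() and category.isdigit()):
        return []
    sql = "SELECT image FROM products WHERE category = ?"
    return render(db.execute(sql, (int(category),)).fetchall())

def second_statement_rejected(db):
    # sqlite3's execute() also runs one statement per call; the exception
    # class differs between Python versions, so both are caught.
    try:
        page_vulnerable(db, "1; SELECT image FROM products")
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(len(page_vulnerable(db, "1")))         # normal request
    print(len(page_vulnerable(db, "1 OR 1=1")))  # constructed input
    print(len(page_hardened(db, "1 OR 1=1")))
    print(second_statement_rejected(db))
```

With the constructed input the concatenated query returns every product image on one page, while the parameterized version returns nothing because the input is not a plain integer.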


Re: Please ask questions ONLY in this topic.

Post by strongard on Wed Feb 22, 2012 12:46 am

Sorry, but

my SQL command is true

until 4, then I get an error in 5, so I have 4 columns.

Then 2 and 3 are vulnerable, then I replace them by ... to get the thing, but instead I get a blank page in which there is a little broken image. My question is why?

You answered "MySQL + PHP won't accept two queries in one request".

Then I do not see where I made two queries.

Could you please show me where I put two queries?

And then what is wrong with my command?

For the second part

you said: "Also, what is retrieved from a database, is not necessarily displayed as text. It can be used as any kind of data, such as a boolean setting for JavaScript, a background color, and image URL, a cookie value, etc"

If so, then how come in my command I request the email addresses from the email list but I get images?

Could you please answer me?

Then finally, the challenge asks for emails, not for images, so is there any hint to push me in the right direction of how I get these emails?

Consider this as learning and not as a spoonfeed.
If this is spoilish, edit it.

