Please ask questions ONLY in this topic.

[rbino]

Hi to everybody! This is my first post here!
I've successfully completed the challenge with a little bit of guessing in the SQL part, but now I'm curious to understand...
Why "the thing" (I won't spoiler ) without ALL doesn't work? AFAIK "ALL" only tells SQL not to remove duplicates, but I can't understand how there can be duplicates if the two tables represent totally different things.
Could someone explain this to me?
Thanks in advance!

[cracksman]

i have the email list but i can't pm the user, if i click on "private message" (under skin chooser) i get redirected to sign up here on the forums. and I can't find "him" here either. what do i do?

[mShred]

i have the email list but i can't pm the user, if i click on "private message" (under skin chooser) i get redirected to sign up here on the forums. and I can't find "him" here either. what do i do?

Use the main site's messaging system. Not the forums PMing system.

[cracksman]

yes, the "private message" link, on the main site, redirects me to signup on the forums. http://i.imgur.com/ZigXz.png

[conscience]

Shred meant the HTS Messages Center, dude.

[RustyNailgun]

So I have researched SQLI quite a bit recently in order to achieve this challenge. I have checked many of the pages google (and several youtube videos) provided, but am still unable to do this. As well, I have completed the w3schools.com tutorial on SQL (if that means anything). However, when I try to apply these to the page and find the viewable databases after finding the number of said databases, I am only presented with a list of broken link pictures, not numbers. Is there a particular site that explains the syntax/location/etc in greater clarity or detail, or am I missing something?

[conscience]

So I have researched SQLI quite a bit recently in order to achieve this challenge. I have checked many of the pages google (and several youtube videos) provided, but am still unable to do this. As well, I have completed the w3schools.com tutorial on SQL (if that means anything). However, when I try to apply these to the page and find the viewable databases after finding the number of said databases, I am only presented with a list of broken link pictures, not numbers. Is there a particular site that explains the syntax/location/etc in greater clarity or detail, or am I missing something?

And why those images are 'broken', huh? Do you know how the <img> tag works?
For greater detail, check the official MySQL docs.

[strongard]

I am not here for the solution or to be spoonfed I want to learn and after reading the forum many time and using google I could not find the answer for the two questions I will , post them now in the hoping of getting some explanation

1) when I made the sql injection I found two numbers with a photo (which represent of course the vulnerable columns)and when I replace them syntax to to find sql database A BLANK PAGE COMES WITH A BROKEN VERY SMALL PHOTO , i am supposed to get other things not a blank page with a broken image so , I found the two vulnerable numbers so WHY ALTHOUGH I PUT THE CORRECT SYNTAX IN PLACE OF THE VULNERABLE NUMBER NOTHING HAPPENS AND IT TOOK ME TO BLANK PAGE WITH BROKEN LINK???

2)I tried an other type of injection , I tried the sql select from where like that '


and when I press the button the page load and I get all the images of products together in the same page
WHY I DO NOT GET THE EMAIL TABLE????

can I have an answer to these two questions
I HOPE SO
I NEED HELP ABOUT THESE TWO QUESTIONS

[conscience]

Uhm... Edit it. Very spoilish

MySQL + PHP won't accept two queries in one request.
Also, what is retrieved from a database, is not necessarily displayed as text. It can be used as any kind of data, such as a boolean setting for JavaScript, a background color, and image URL, a cookie value, etc.

[strongard]

sorry but

my sql command is true

until 4 then I get an error in 5 , so I have 4 columns



then 2 and 3 are vulnerables , then I replace them by ... to get the thing but instead I get a blank page in which there is a little broken image my question is why ?

you answered "MySQL + PHP won't accept two queries in one request"

then I do not see where I made two queries

could you please show me where I put two queries????????

and then what is wrong with my command???




for the second part

you said :"Also, what is retrieved from a database, is not necessarily displayed as text. It can be used as any kind of data, such as a boolean setting for JavaScript, a background color, and image URL, a cookie value, etc"

if so , then how comes that in my command I request for email address from email list but I get images??? ?

could you please answer me

then finally , the challenge ask for emails not for images so how any hint to push in the right direction of how I get these emails?????



consider this as learning and not as a spoonf ,
if this is spoilish edit it