Please ask questions ONLY in this topic.

[n31ght0]

I try this n work
username: [Removed]
pass: [Removed]

Enjoy

learn the reason why

No. Bad user. Do not post spoilers. *smacks with newspaper* -- Goatboy

[Vriska-Serket]

Hey everyone,

I'm having trouble coming up with a proper SQL script. I've easily got onto the login screen, but I can't get my SQL injection to work. I'm using two websites as general references for my injection:

http://www.w3schools.com/sql/default.asp
http://www.unixwiz.net/techtips/sql-injection.html

Is there any other recommended websites I should read? I tried going through the links on the thread by they're dead.

Thanks in advance.

[romainfox]

You just need to log in as a known username, think where you can find usernames. Then you have to log in as this username and using a SQL injection to ignore the password field (but it can't be empty).

So how can you ignore this field ? Have to make the condition "true".

[Vriska-Serket]

I'm still getting an SQL error. My major problem seems to be making the SQL function true. it may also be just a syntax error I don't see.

Is it possible for me to message someone my SQL injection, and hint me to correcting it? Or perhaps a website that has a tutorial on making SQL injections true?

Again, thanks in advance.

[fashizzlepop]

There are plenty of links in the thread that can help you. If you STILL can't figure it out, pm me.

[Vriska-Serket]

Got it. I wasn't taking advantage of the OR command effectively, and I thought the name of the database was 'members' . This link was vital for me to fully understand what needed to be done - I highly recommend it to those who are stuck: http://st-curriculum.oracle.com/tutoria ... /index.htm

To romainfox and fashizzlepop, major thanks for helping me out. You guys are awesome. =D

[AesPir]

The securiteam link posted throughout this thread is broken. Trying to wrap my head around this concept of SQL injection lol.

[fashizzlepop]

Oh really? A broken link? Never would have guessed based on all those other posts throughout this thread about it being broken. </sarcasm>

Use GOOGLE.

[SpleenThief]

Well I completed this mission, but I've got a question about why a certain string works and another doesn't. Could someone PM me if they're willing to help?

[mShred]

Well I completed this mission, but I've got a question about why a certain string works and another doesn't. Could someone PM me if they're willing to help?

I think it's more because it's an intro the the idea. If a real site was vulnerable, you could probably try out more strings.