Please ask questions ONLY in this topic.

Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!

Re: Please ask questions ONLY in this topic.

Post by n31ght0 on Sat Mar 12, 2011 1:53 am
([msg=54951]see Re: Please ask questions ONLY in this topic.[/msg])

I try this n work :lol:
username: [Removed]
pass: [Removed]

Enjoy :D

learn the reason why :D

No. Bad user. Do not post spoilers. *smacks with newspaper* -- Goatboy
n31ght0
New User
New User
 
Posts: 1
Joined: Sat Mar 12, 2011 1:50 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Vriska-Serket on Mon Apr 18, 2011 11:14 am
([msg=56423]see Re: Please ask questions ONLY in this topic.[/msg])

Hey everyone,

I'm having trouble coming up with a proper SQL script. I've easily got onto the login screen, but I can't get my SQL injection to work. I'm using two websites as general references for my injection:

http://www.w3schools.com/sql/default.asp
http://www.unixwiz.net/techtips/sql-injection.html

Is there any other recommended websites I should read? I tried going through the links on the thread by they're dead.

Thanks in advance.
Vriska-Serket
New User
New User
 
Posts: 3
Joined: Mon Apr 18, 2011 10:46 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by romainfox on Mon Apr 18, 2011 3:49 pm
([msg=56428]see Re: Please ask questions ONLY in this topic.[/msg])

You just need to log in as a known username, think where you can find usernames. Then you have to log in as this username and using a SQL injection to ignore the password field (but it can't be empty).

So how can you ignore this field ? Have to make the condition "true".
romainfox
New User
New User
 
Posts: 2
Joined: Mon Apr 18, 2011 10:39 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Vriska-Serket on Tue Apr 19, 2011 1:43 pm
([msg=56466]see Re: Please ask questions ONLY in this topic.[/msg])

I'm still getting an SQL error. My major problem seems to be making the SQL function true. it may also be just a syntax error I don't see.

Is it possible for me to message someone my SQL injection, and hint me to correcting it? Or perhaps a website that has a tutorial on making SQL injections true?

Again, thanks in advance.
Vriska-Serket
New User
New User
 
Posts: 3
Joined: Mon Apr 18, 2011 10:46 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Tue Apr 19, 2011 2:59 pm
([msg=56469]see Re: Please ask questions ONLY in this topic.[/msg])

There are plenty of links in the thread that can help you. If you STILL can't figure it out, pm me.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Vriska-Serket on Tue Apr 19, 2011 5:41 pm
([msg=56477]see Re: Please ask questions ONLY in this topic.[/msg])

Got it. I wasn't taking advantage of the OR command effectively, and I thought the name of the database was 'members' :oops: . This link was vital for me to fully understand what needed to be done - I highly recommend it to those who are stuck: http://st-curriculum.oracle.com/tutoria ... /index.htm

To romainfox and fashizzlepop, major thanks for helping me out. You guys are awesome. =D
Vriska-Serket
New User
New User
 
Posts: 3
Joined: Mon Apr 18, 2011 10:46 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by AesPir on Sun May 01, 2011 12:58 am
([msg=56843]see Re: Please ask questions ONLY in this topic.[/msg])

The securiteam link posted throughout this thread is broken. Trying to wrap my head around this concept of SQL injection lol.
AesPir
New User
New User
 
Posts: 1
Joined: Sat Apr 30, 2011 8:15 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Mon May 02, 2011 10:40 pm
([msg=56910]see Re: Please ask questions ONLY in this topic.[/msg])

Oh really? A broken link? Never would have guessed based on all those other posts throughout this thread about it being broken. </sarcasm>

Use GOOGLE.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by SpleenThief on Wed May 04, 2011 1:56 pm
([msg=56974]see Re: Please ask questions ONLY in this topic.[/msg])

Well I completed this mission, but I've got a question about why a certain string works and another doesn't. Could someone PM me if they're willing to help?
SpleenThief
New User
New User
 
Posts: 2
Joined: Wed May 04, 2011 1:48 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by mShred on Wed May 04, 2011 11:01 pm
([msg=57003]see Re: Please ask questions ONLY in this topic.[/msg])

SpleenThief wrote:Well I completed this mission, but I've got a question about why a certain string works and another doesn't. Could someone PM me if they're willing to help?

I think it's more because it's an intro the the idea. If a real site was vulnerable, you could probably try out more strings.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1612
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


PreviousNext

Return to (Real 2) Chicago American Nazi Party

Who is online

Users browsing this forum: No registered users and 0 guests