Please ask questions ONLY in this topic.

[Tomboby]

Umm.... Admins I think this this Mission has been hacked.

Following an SQL injection into the 'found' "said"-- user vulnerability.
I came across a list of 5765 users that were named rather retardedly e.g Lisa M. : I am sweet, Peter McDonald : fatman.
And repeated names of "Gary Hunter: whom I was trying to find......

Then, in the user registering section the code had been chopped.. might have been on purpose.

Were these all done on purpose? Or is there really and error with this mission?

[mShred]

Umm.... Admins I think this this Mission has been hacked.

Following an SQL injection into the 'found' "said"-- user vulnerability.
I came across a list of 5765 users that were named rather retardedly e.g Lisa M. : I am sweet, Peter McDonald : fatman.
And repeated names of "Gary Hunter: whom I was trying to find......

Then, in the user registering section the code had been chopped.. might have been on purpose.

Were these all done on purpose? Or is there really and error with this mission?

All of the usernames and whatnot are purposely put there. I think you actually submit them into the database. You have to figure out which one. As for the chopped code..? I'm not sure what you're talking about.

[Tomboby]

Umm.... Admins I think this this Mission has been hacked.

Following an SQL injection into the 'found' "said"-- user vulnerability.
I came across a list of 5765 users that wer......

All of the usernames and whatnot are purposely put there. I think you actually submit them into the database. You have to figure out which one. As for the chopped code..? I'm not sure what you're talking about.

Chopped code, On the register page of the mission:

<BR><B>Wanted Description:<A> </A></B><BR><textarea name="desc" rows=5 cols=20 maxlength=255></textarea><BR>
<input type="submit" value="Register"
</form>

</body>
</html>

I'm not sure on what to do to fix this, so here's the question:
What can I do to fix this code and what are the steps required?

Note
I've tried saving as a html and editing it, but it links back to my hard drive directory...
Is there a program that can live edit the source code?

[Phantom Wolf]

@Tomboy

That looks like a typo, consider sending a bug report. Whoever coded this mission forgot the closing angle bracket. There's a Firefox addon called Firebug that you can use to fix this. Chrome's developer tools has a something similar to Firebug built in.

[Tomboby]

@Phantom Wolf

Thanks, I managed to add the "referer" element of the submission data in the corrected copy on my webpage: "http://www.hackthissite.org/missions/realistic/8/search2.php" so hackthissite thought it was the original.
This was achieved using tamper data, although I would love to learn how to do this manually

Will submit a bug report, but it's probably done on purpose, an update perhaps, just to help limit the amount of registering newbies.

[durazell]

For those struggling with clearing the logs, sometimes mission description tells literally what to do .

[thesauce789]

ok so i got the full list of people by SQL injection...theres somewhere like 5000+ results and 4000 of them are gary hunter related, how can i narrow it down

[Ultrazz_1]

Hey i stucked at begin, the page doesn't allowing me to register, and i tried on search to find some username just to login, i did found it, but when i refresh page or go on Home, it just disconnect me from account..

[cjt08c]

Some of the descriptions are very misleading. I was fooled into thinking a few wrong ones were the username I was looking for. There's a lot of bs to wade through in the user list. Don't give up.

[boyhell11]

its gives me 6072 user name's and pass.... dont know what to do. but i m surely not going to try them all.
instead i am trying to write a script to do it for me. ut it gives me "invalid referral"...... any hint on what the referral part is?