Please ask questions ONLY in this topic.

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Please ask questions ONLY in this topic.

Post by conscience on Thu Feb 23, 2012 1:39 pm

How would a database engine know what the data it is holding is for? No chance. Therefore, you don't request email, you request data. String to be more precise. As you probably/hopefully have programmed before, you should start thinking about what stuff strings can be used for. Also, think a bit about what is the output of a PHP script.

Before, you have put the actual query string you tried to execute here. That one contained a semicolon. Semicolon is for terminating a query (and maybe starting another one, but this does not work for LAMP/WIMP/etc). This means that you actually tried to terminate the MySQL query and append a second one. That just won't go. You have to use a single query.
Try looking up how multiple tables in a single query can be read. I'd suggest the MySQL documentation. Quite a lot, but hey, we're here to learn, aren't we?

Another thing to consider: again, <img> tag.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by strongard on Thu Feb 23, 2012 10:52 pm

First, you did not answer the first part of my question, namely:

"My SQL command is true

until 4, then I get an error in 5, so I have 4 columns,

then 2 and 3 are vulnerable, then I replace them by SOMETHING to get INFORMATION, but instead I get a blank page in which there is a little broken image.
WHY????

Can you respond, please, by BECAUSE ...... and you explain to me.

I saw the technique of injection of vulnerable columns in more than 50 articles and 20 videos. I understand it, and when I used it in this challenge, half of it was true and gave me the vulnerable columns, but the other half gives me only a broken image, exactly when I replace the vulnerable columns by something. I want to know WHY.

As for the other half, I appreciate a lot your explanation about the semicolon, and it was useful for me,
but you said too: "How would a database engine know what the data it is holding is for? No chance. Therefore, you don't request email, you request data. String to be more precise"
"How would a database engine know what the data it is holding is for?" is not needed to solve the challenge. All that I can say is that the types of data stored in a database are either literal constants, integers, booleans or floating points, and the database engine, as software that stores, retrieves and secures data in a database, is programmed to know about the type of data in the database, but this is useless for now, because if you want a student to learn about addition in math and you give him a hint about how to solve a polynomial using addition, it will be only misleading information that makes the thing very complicated for him without helping him to progress and improve.

"Therefore, you don't request email, you request data. String to be more precise" is as if you tell me "hey, you are on www.hackthissite.org". I know that I should request data, and email is a sort of data that can be stored in a database, so you did not tell anything special that helps to understand the mechanism of the SQL command used to solve the challenge.

You did not respond to this question either:

If so, then how come that in my command I request the email address from the email list but I get images???? The answer is BECAUSE+EXPLANATION.
Another thing that is very, very important, and I did not find any reply from you about it:
if when I put a request for email I get photos, this means that my syntax is true. Why??? Because if my syntax was wrong, it would redirect me to a blank white page with a little broken photo, and a lot of times I put a wrong command and it took me to that blank page, so why do I get instead all the data gathered in one page (category1+2)?
WHY? You did not answer this question either.


Do you want me to be sincere with you? With all my respect to you,
I learn nothing from what you post to me,
2) you did not help, you make me more lost, and every time you answer me you lack precision, you ignore the majority of my questions and you answer few of them, and when you answer, your answers are ambiguous, you send me to learn about things that are general and have nothing to do with the essence of the challenge, and sorry, I do not understand your English very well (punctuation, some syntax and grammatical issues).
I hope you understand, and I hope someone can help me by responding WITH PRECISION about my problems,
and thanks


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Feb 25, 2012 8:42 am

First, you seem to misunderstand the concept of SQLi. There is no such thing as 'vulnerable column'. There is a vulnerable script which makes calls to the database (which in turn may also have some vulnerabilities, but this is out of our scope ATM). The erratic mechanism of the script can be exploited to work in your favor and retrieve such data from the database that it is otherwise not intended to.

Second, and again, you don't request for an email, nor an image. Therefore there is no 'how come they're image?'. In a database there is no such thing as an image. You request for a string that's called e-mail, however, the database won't know its purpose. So you've got a string that may be used for several purposes as I mentioned earlier.
Your username is a string, your password is a string, your avatar URL is a string, etc.
So, BECAUSE THE PHP SCRIPT LISTS SOME DATA AS IMAGES. BECAUSE THE ORIGINAL PURPOSE IS TO DISPLAY AN IMAGE, A DESCRIPTION, AND A PRICE RESPECTIVELY.

BTW I just redid the chall and realized that this conversation makes no sense at all since when you do this 'the right way', every e-mail will get displayed twice.

Third, my answers are ambiguous because I avoid giving the solution away. All the things I've pointed you to have quite much to do with the challenge. HTS is not about solving its challenges but to learn these general things via the challenges. If you don't like it, then maybe this site is not for you.

Fourth, English is not my native language, though I'm pretty fine communicating with the majority of users here. You are an exception to this. As you have quite severe gramm/typo/etc issues in your posts too, I don't feel interested in your complaint.

Fifth, and with all my respect to anyone coming here to learn, you behave as if you were either trolling or aiming for an IOTY. At this point, after lots of patience from my side (and probably from others as you got away without being flamed so far quite well) I'd rather not waste more of my time on you.

For a final word of advice, you should either change your attitude radically or head back playing WOW.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by strongard on Sat Feb 25, 2012 5:31 pm

In this message I did not make any infraction, I did not insult, I neither broke the laws of this site nor have I touched its venerability. I expressed what I felt in a literary, democratic way that does not injure anyone, so I respect all the genius administrators of this site. I want to learn how to solve these challenges and become an efficient member, but if I get banned after this message I cannot do anything. This site is very instructive and good, but if I am banned I will find another site, and so on.

conscience said: "There is no such thing as 'vulnerable column'". You think I invented this from my head??? So let's see:

article 1, link 1: http://www.techinspirit.com/index.php?page=view&id=83 says

Step 3: Find Vulnerable Columns

article 2, link 2: http://www.howtohackwebsite.com/2011/10/website-hacking-sql-injection-attack.html says

Step 3: Finding Number of Vulnerable Columns:

article 3, link 3: http://secxplrd.blogspot.com/2011/11/ba ... video.html says

For this we have to replace one of the vulnerable columns with “version()” or “@@version”

and so on ... I can put 100 articles for you to read ...

And you say: "There is no such thing as 'vulnerable column'" in SQL injection. Look at you: you have been here on hackthissite since 2009, you have more than 3 years of experience and maybe 10 years (in comparison with me, who has only 2 months and 10 days), and you do not even know about "vulnerable columns" or even what they are, and you come to show me how I solve this challenge. You would better show yourself; I know better than you.

2) "There is a vulnerable script which makes calls to the database (which in turn may also have some vulnerabilities, but this is out of our scope ATM). The erratic mechanism of the script can be exploited to work in your favor and retrieve such data from the database that it is otherwise not intended to".
Nothing special in all this; this is what SQL is intended to do.

3) "BECAUSE THE PHP SCRIPT LISTS SOME DATA AS IMAGES. BECAUSE THE ORIGINAL PURPOSE IS TO DISPLAY AN IMAGE, A DESCRIPTION, AND A PRICE RESPECTIVELY." This is instructive, and now what you said is useful,
so you gave me new information and I appreciate it, but if "BECAUSE THE PHP SCRIPT LISTS SOME DATA AS IMAGES"
so how I get the e-mail lists from these images

4)"BTW I just redid the chall and realized that this conversation makes no sense at all since when you do this 'the right way', every e-mail will get displayed twice".

if I know how to do it the "right way" , I would not come here to ask for help

5) You said: "Third, my answers are ambiguous because I avoid giving the solution away. All the things I've pointed you to have quite much to do with the challenge."
You are not even able to understand the difference between "ambiguous" and "evocative". Ambiguous is uncertain and doubtful. Go and learn English before you come to talk with me; a hint must be "evocative", not ambiguous.

6) You said: "HTS is not about solving its challenges but to learn these general things via the challenges. If you don't like it, then maybe this site is not for you."

I am here to solve these challenges THROUGHOUT learning HOW TO SOLVE THEM. Learning is not an end but a means, and this is the difference between you and me: I am precise with my words and my thoughts, you are not. This is one of the reasons that explain why in 2 months I learned what you learned in 3 years.
Another thing to say is, if I wanted to learn I would not come to this site; I can go to Google and learn from it, and that is all.
I am here to solve the challenges, all of them with no exception.

7) You said: "Fourth, English is not my native language, though I'm pretty fine communicating with the majority of users here. You are an exception to this. As you have quite severe gramm/typo/etc issues in your posts too, I don't feel interested in your complaint."

My English is bad too, I do not say the contrary, but yes, your English is the worst, and I do not care about the others, I care only about myself and how I feel toward you. I am not complaining to you; you are not a psychologist. You do not impress me, as I consider that your level is not higher than mine in hacking. I know better than you, and always remember that no one calls you to help me; you come alone from the beginning of my inscription and you expose your services. I did not call you.

Do not even dare to decide what I should do, and especially do not threaten me, and do not engage others ("and probably from others as you got away without being flamed so far quite well"). I have no problem with others. Be a man and do not impose others; this concerns only you and me.

"I'd rather not waste more of my time on you." No one calls you to give your PRECIOUS time to me; you come by yourself.
I do not like you, I do not want you to waste your time with me, I learn nothing from you, and you are easily provoked, and you are not even qualified to help me.

PLENTY AND PEACE BREEDS COWARDS , HARDNESS EVER OF HARDINESS IS MOTHER

IF I AM NOT BANNED, any hint about how I would solve this challenge? My message is on page 35.


Re: Please ask questions ONLY in this topic.

Post by conscience on Sun Feb 26, 2012 8:52 am

strongard wrote:so how I get the e-mail lists from these images

How come you're still alive?

strongard wrote:if I know how to do it the "right way" , I would not come here to ask for help

and then keep claiming to know better

strongard wrote: [the_rest]

my troll alarm keeps getting louder and louder...

BTW, if you actually have learnt anything, you weren't whining here to be spoonfed.


Yeah, you're definitely a candidate for IOTY. Rest assured I'll vote for you.
Oh, and ambiguous actually means 'not straightforward'. (see also: disambiguation, viability, fucktard)
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by strongard on Sun Feb 26, 2012 2:09 pm

I am still stuck in this challenge and until now I did not get
Can the expert administrators of this site push me in the right direction by giving, of course, a hint?

I figured out the vulnerable columns 2 and 3; 3 is in bold because it is the most vulnerable.
Then I tried to find the table name and the column name by using these two commands.
To find the table name I used this command:

Edited Out

but all I get is a blank page with a little broken image.

I used this command to find the column names too:

Edited

and I get the same result.

I am stuck. I read the whole forum and googled a lot, but without result.

Until now no one has responded to me. I do not understand why none of the administrators helps me.

If I am not allowed to get an answer to my questions, then at least let me know this, but please do not ignore my answers.
I have really been stuck for more than 1 week on this problem.
Best regards to the administrators of this site, a very unique site and very instructive :D :D :D
and thanks


Re: Please ask questions ONLY in this topic.

Post by LoGiCaL__ on Mon Feb 27, 2012 3:30 pm

strongard wrote:I am still stuck in this challenge and until now I did not get
Can the expert administrators of this site push me in the right direction by giving, of course, a hint?

I figured out the vulnerable columns 2 and 3; 3 is in bold because it is the most vulnerable.
Then I tried to find the table name and the column name by using these two commands.
To find the table name I used this command:

Edited Out

but all I get is a blank page with a little broken image.

I used this command to find the column names too:

Edited

and I get the same result.

I am stuck. I read the whole forum and googled a lot, but without result.

Until now no one has responded to me. I do not understand why none of the administrators helps me.

If I am not allowed to get an answer to my questions, then at least let me know this, but please do not ignore my answers.
I have really been stuck for more than 1 week on this problem.
Best regards to the administrators of this site, a very unique site and very instructive :D :D :D
and thanks


Posting like a whining baby will get you no help. I've seen people give advice only for you to respond like a douche. I don't think this website is for you. You don't want hints, you want the answers. I'll look forward to you not shitting up the forums any longer.


Re: Please ask questions ONLY in this topic.

Post by The2b on Fri Mar 16, 2012 9:33 pm

Is this mission broken? I used an SQL code but all it brought up was a broken image. When I checked the source, it said it was ".jpg" and when I clicked the link in the source (normally bringing up an image) it sent me to the source of the would be error page that said that the link was invalid. Is it broken or am I not using the right code?


Re: Please ask questions ONLY in this topic.

Post by Enzime59 on Sat Mar 17, 2012 4:57 am

The2b wrote:Is this mission broken? etc.


The mission isn't broken. You're not using the right code.

Also, don't post strings on the forum as it can spoil the mission instead of pushing people in the right direction.
Google some important SQL commands.


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Mar 17, 2012 6:24 am

The2b wrote:it said it was ".jpg"


So you got 0 hits, which means your addition returned false. I'd suggest editing your post, because - as pointed out by Enzime59 - it is spoilerish. Also, knowing how many emails the table has will take you nowhere. You'll need to find out the number of columns instead, since the MySQL command you need to use to 'concatenate' two queries (of the same kind) will require you to give a second query asking for exactly the same number of columns as the first one.

Finding out which command to use and how many columns to query is up to you.

I really hope that the following link won't be considered a spoiler. Guys, please review it.
http://docs.oracle.com/cd/E17952_01/refman-5.5-en/select.html

There ya go. You should be able to find here everything you'll need.
Last edited by conscience on Thu Nov 15, 2012 11:53 pm, edited 1 time in total.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
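
Added example, not part of the original thread and not the mission's code: a listing script with the weakness discussed above beside a hardened form, showing why a string in the image column renders as a broken image and why the column counts of two combined queries must match. It uses Python with an in-memory SQLite database in place of PHP/MySQL, and every table, column and function name is hypothetical.

```python
import sqlite3
from html import escape


def make_db():
    """Constructed sample data; every table and column name is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (category INTEGER, image TEXT, descr TEXT, price TEXT);
        CREATE TABLE newsletter (address TEXT);
        INSERT INTO products VALUES (1, 'coat.jpg', 'Fur coat', '900');
        INSERT INTO products VALUES (2, 'belt.jpg', 'Leather belt', '80');
        INSERT INTO newsletter VALUES ('alice@example.test');
    """)
    return db


def render(rows):
    # The database only returns strings. It is the script that decides the
    # first column is an image file name, so any other string put there
    # shows up in the browser as a broken image.
    return "".join(
        '<img src="images/%s"> %s %s\n'
        % (escape(str(img), quote=True), escape(str(descr)), escape(str(price)))
        for img, descr, price in rows
    )


def list_vulnerable(db, category):
    # Weak: the request value is pasted into the SQL text, so it can change
    # the structure of the statement instead of only supplying a value.
    sql = "SELECT image, descr, price FROM products WHERE category = " + category
    return db.execute(sql).fetchall()


def list_hardened(db, category):
    # Fixed: check the type first, then bind the value as a parameter so it
    # can never be parsed as SQL.
    if not (category.isascii() and category.isdigit()):
        raise ValueError("category must be an integer")
    sql = "SELECT image, descr, price FROM products WHERE category = ?"
    return db.execute(sql, (int(category),)).fetchall()


def outcome(fn, db, category):
    """Return the rows, or the name of the exception the call raised."""
    try:
        return fn(db, category)
    except (ValueError, sqlite3.Error) as exc:
        return type(exc).__name__


# Constructed request values for the sample schema above.
SAME_WIDTH = "1 UNION ALL SELECT address, address, address FROM newsletter"
TOO_NARROW = "1 UNION ALL SELECT address FROM newsletter"

if __name__ == "__main__":
    db = make_db()
    print(render(outcome(list_vulnerable, db, SAME_WIDTH)))  # foreign rows leak
    print(outcome(list_vulnerable, db, TOO_NARROW))   # column counts differ
    print(outcome(list_hardened, db, SAME_WIDTH))     # rejected before any SQL
    print(render(outcome(list_hardened, db, "2")))    # normal request works
```

The hardened function is the fix a maintainer of such a script would apply: once the value is bound as a parameter, the statement's structure is fixed no matter what the request contains.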

