Please ask questions ONLY in this topic.

Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!

Re: Please ask questions ONLY in this topic.

Post by reyes236 on Fri Apr 21, 2017 9:47 am

Has anyone else had issues with the login page kicking them off completely from HTS when entering a # symbol as part of a SQL injection? I have completed the mission but was confused as to why this was happening.


Re: Please ask questions ONLY in this topic.

Post by Solus on Fri Apr 21, 2017 3:01 pm

dtmander wrote:Does this mission still work correctly? I have googled SQL injection and tried many things, but get nothing other than an SQL error. Nothing that I try provides any other results. Can someone PM me so that I may discuss my theories and attempted solutions without providing any spoilers? Thanks.


Yes, this challenge still works correctly; this thread has waaaay more information than you need in it, just begin at the start & read through.

reyes236 wrote:Has anyone else had issues with the login page kicking them off completely from HTS when entering a # symbol as part of a SQL injection? I have completed the mission but was confused as to why this was happening.


Not sure why you're experiencing this, I had a try inserting hashes into the fields & it worked as expected (told me to fuck off).


Re: Please ask questions ONLY in this topic.

Post by El_Barto666 on Tue Aug 15, 2017 10:54 am

It says that you have to login as an admin, but as far as I can tell, there's nothing at all that lets you login. I don't even know where to begin on this one.



Re: Please ask questions ONLY in this topic.

Post by Kyobokeylh on Sun May 06, 2018 10:43 am

I've finished the mission, but I wonder why SQL is used.
I mean, we often use injection in basic missions, but what code should we use?
In Basic 8, it's a .shtml, which means SSI, so we did an SSI injection.
In Basic 7, it's a .pl, which means Perl, so why can *nix be used?
In this mission, it's a .php. What tells us that we can use SQL injection?


Re: Please ask questions ONLY in this topic.

Post by NETWORKsecurity on Sun May 06, 2018 12:23 pm

Kyobokeylh wrote:In Basic 7, it's a .pl, which means Perl, so why can *nix be used?

Programming languages can interact with the system; it is said that the cal command is used, so that is how you know Perl is interacting with the *nix system.

Kyobokeylh wrote:In this mission, it's a .php. What tells us that we can use SQL injection?

There is no direct hint for that, I guess, but SQL is a very frequently used technology when it comes to login systems, and SQL injections are still on the OWASP Top 10 list of most common vulnerabilities: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

Truth is you often won't know what technologies are being used on the server and will have to make educated guesses.


Re: Please ask questions ONLY in this topic.

Post by NotEasy on Fri Jul 27, 2018 9:23 pm

reyes236 wrote:Has anyone else had issues with the login page kicking them off completely from HTS when entering a # symbol as part of a SQL injection? I have completed the mission but was confused as to why this was happening.

Thank you. When I used # in the injection I got a require_auth error from HTS and was logged out, so I replaced # with -- and it works.