Search found 39 matches

Return to advanced search

Re: Stuck

Edit: No Spoilers, you can't tell another user exactly what to do. I'll let you get off without a warn this time.
by Nyteblade
on Tue Apr 15, 2008 7:47 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Re: Stuck

i have tried a whole bunch of stuff related to SELECT * FROM 'users' WHERE Username= "hunter" and then changing a few of the variables to see what happens, and whenever i enter it i usually get 'Username is too long'. im guessing that my syntax is wrong >.< Have you gotten the list ...
by Nyteblade
on Tue Apr 15, 2008 7:31 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Re: Stuck

This is pushing it. I'm hesitant to give this much, but these websites may be of some help. If you encounter a problem, the best way in these practice 'sites' is to try it and find out. http://ocliteracy.com/techtips/sql-injection.html http://www.securiteam.com/securityreviews/5DP0N1P76E.html -Both...
by Nyteblade
on Tue Apr 15, 2008 6:47 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Re: Stuck

OK... I've been able to list the accounts, found the required username and was able to transfer the $$. I used the GET method to clear the files (page came back saying 'files cleared').. not sure yet if that's what I needed to do to complete it. Still working on this mission :)
by Nyteblade
on Tue Apr 15, 2008 6:44 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Re: Stuck

wibadgers8 wrote:where do you inject the SQL, in url or in the Username: field? any help would be appreciated!


Try the 'Search' page.. hint hint
by Nyteblade
on Tue Apr 15, 2008 6:03 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Re: Stuck

Did you manage to list all the usernames yet, or did you just use the search function to find names involving Gary? You have to list all the usernames, how could you trick the search function into doing this? I haven't managed to get a list of all the users yet. I'm still working on that part. Havi...
by Nyteblade
on Tue Apr 15, 2008 1:01 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Re: Stuck

BhaaL wrote:I suppose you are logged in, aren't you?
Hint: It doesn't seem to check the password later on...


I'm logged in as the 'admin' user.
by Nyteblade
on Mon Apr 14, 2008 2:36 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Re: Stuck

BhaaL wrote:You dont actually have to crack it. Check your cookies.


OK... I must still be missing something. Checking my cookies doesn't show me anything I don't already know. Is there something I'm still not seeing?
by Nyteblade
on Mon Apr 14, 2008 2:04 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981

Please ask questions ONLY in this topic.

Hello, I wonder if anyone can point me in the right direction since I'm kinda stuck. So far, I've been able to determine that there's at least 6 different usernames, using the 'User Info' search, for different variations on Gary Hunter. 3 require a password, 2 do not require a password and 1 (admin)...
by Nyteblade
on Mon Apr 14, 2008 1:15 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 419981
Previous

Return to advanced search