Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Sun Aug 21, 2011 1:20 pm
by mShred
Xiv wrote: I have the problem that I can't send a private message to SaveTheWales O.o
Whenever I click the link to the message center, there is only "Private messaging is locked".
I can edit the properties, but I can't type a message :(

pls help guys

Don't use the forum PMing system, use the main site messaging center or whatever it is.

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Sun Aug 21, 2011 5:28 pm
by fashizzlepop
mShred wrote: Don't use the forum PMing system, use the main site messaging center or whatever it is.

Is it just me, or is that common sense? :?

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Sun Aug 21, 2011 6:03 pm
by mShred
fashizzlepop wrote:
mShred wrote: Don't use the forum PMing system, use the main site messaging center or whatever it is.

Is it just me, or is that common sense? :?

Sometimes I begin to wonder..

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Thu Sep 22, 2011 6:12 am
by Gee4rce
I'M REALLY FUCKED NOW!!!! F*CK F*CK F*CK I'm mad at this mission >:[

I'm in the cat***** section and when I type:

-> pr****.php?.....=' SE*** * FR*** e***l;
....then nothing happens - blank page!
else
-> pr****.php?.....= SE*** * FR*** e***l;
.... I get a blank page again, but this time with a broken image - viewing the source of that blank HTML with a broken img does not bring me any further!

What's wrong here?
And what is everybody talking bout null'z and unions?
There's only this one Command needed, isn't it so? : SE*** * FR*** e***l;

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Thu Sep 22, 2011 9:23 am
by mShred
If that command was the only one needed, then you probably would have passed the mission, isn't it so? My advice: calm the hell down. And look into union all SQL Injection.

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Sat Sep 24, 2011 10:49 am
by deadonce
So, in order to solve this mission, we have to union two tables. We can get the number of columns for the first table with "ORDER BY".

My question is, how do we get the second table's number of columns? Since it is not initially loaded on the u**, we can't really use the "ORDER BY" command to tell, can we?
For example, it is easy to guess that the e**** table has only 1 column, but in reality, it may have many many columns. How will we know how many?

Trial and error with nulls can be tedious for larger tables, especially if the first table has the first or so columns as int instead of string, and we have to put it as "null, *, (so many null,s)" in order to read the string values.

Any suggestions for a more elegant solution?

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Sun Sep 25, 2011 3:21 pm
by mShred
deadonce wrote: So, in order to solve this mission, we have to union two tables. We can get the number of columns for the first table with "ORDER BY".

My question is, how do we get the second table's number of columns? Since it is not initially loaded on the u**, we can't really use the "ORDER BY" command to tell, can we?
For example, it is easy to guess that the e**** table has only 1 column, but in reality, it may have many many columns. How will we know how many?

Trial and error with nulls can be tedious for larger tables, especially if the first table has the first or so columns as int instead of string, and we have to put it as "null, *, (so many null,s)" in order to read the string values.

Any suggestions for a more elegant solution?

That's the beauty of it. Enumeration is a bitch. It's all about blackbox testing. Many people use or write programs to do it for them, but even the programs have to use the trial and error methods.
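
The column-count rule this exchange turns on, seen from the application side, as an added example that is not part of the original thread: a query built by string concatenation beside its parameterized form, run with Python's sqlite3 against a constructed in-memory database. The table names, column names and input strings are hypothetical and are not the mission's.

```python
import sqlite3

# Constructed inputs, as a request parameter might arrive (not from the mission).
PLAIN = "1"
MISMATCHED = "1 UNION ALL SELECT address FROM subscribers"
PADDED = "1 UNION ALL SELECT NULL, address, NULL FROM subscribers"

def make_db():
    # Constructed sample schema; all names here are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, category INTEGER);
        CREATE TABLE subscribers (address TEXT);
        INSERT INTO products VALUES (1, 'widget', 1), (2, 'gadget', 2);
        INSERT INTO subscribers VALUES ('a@example.test'), ('b@example.test');
    """)
    return db

def list_vulnerable(db, category):
    # The input is pasted into the SQL text, so it can change the statement's shape.
    sql = "SELECT id, name, category FROM products WHERE category = " + category
    return db.execute(sql).fetchall()

def list_hardened(db, category):
    # The input is bound as a value: compared to the column, never parsed as SQL.
    sql = "SELECT id, name, category FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

def try_query(fn, db, category):
    # Return ("ok", rows) or ("error", message) so the outcomes can be compared.
    try:
        return ("ok", fn(db, category))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for label, value in (("plain", PLAIN), ("mismatched", MISMATCHED),
                         ("padded", PADDED)):
        # Concatenated: the mismatched UNION is rejected by the database (one
        # column against three); padded to three columns, the second table leaks.
        print(label, "concatenated:", try_query(list_vulnerable, db, value))
        # Bound: both UNION strings are just text that matches no category.
        print(label, "bound:       ", try_query(list_hardened, db, value))
```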

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Mon Mar 19, 2012 5:59 pm
by Atauzeromind
So... is null a dummy just for testing, and then after null, *, you have to put as many nulls as there are columns?

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Mon Apr 16, 2012 1:19 am
by Learning_Noob
This is input to other readers as well as feedback to the manager(s) of this mission:

To those doing Realistic 4 -
Follow what has been said here page for page; members have explained enough in the first 4 pages for someone with no experience in SQL Inj (ME) to understand what to input and where to do so to get results.

To manager(s) -
The email system is very vague to new users; I still haven't figured out how to reply to a msg from a user who has a hidden email. Maybe I'm not searching in the right place; I'm trying to keep this constructive - someone asking for this type of help would normally leave a way to get in touch, if that's what they wanted? I guess I'm saying it seems like there would be a direct address posted or maybe a link to reply on the mission page. Then again, that encourages us to be lazy which is counter-productive.

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Tue May 08, 2012 4:54 am
by imthebest69
I've completed this mission, however.
Since there are fewer columns in the products table than in the target table, why do I have to use one additional null than required? Can anyone PM me?