
Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Wed Feb 19, 2014 11:07 am
by MParsons095
I successfully hacked the database and retrieved the list of emails, but the mission hasn't been marked as complete. Did I miss something?

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Wed Feb 19, 2014 10:00 pm
by Rezlets
You need to send the list (through HTS's message system, not a PM on the forums) to the person who hired you in the first place.

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Thu Feb 20, 2014 7:37 pm
by Roostir
OKAY! So this took me FOREVER to figure out WHERE to inject the SQL.... My question is, why does it have to be on THAT page(s)? Why not on the main page or the email error page?

EDIT: Okay, scratch everything I just said... I just got more lost.

I understand SQL injection to an extent, how it works, and kinda what its purpose is. What I don't understand is how to correctly place it in the URL bar? Is there a specific variable I have to type after the regular URL to separate URL from SQL injection? The pages that end in php? or =1 I can put SQL in (with no result yet of course, just the broken jpg). But if the URL ends in .php or 4/ then I get redirected to a "HTS page not found" type page. What am I missing here?

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Sat Feb 22, 2014 2:32 pm
by fashizzlepop
Roostir wrote: I understand SQL injection to an extent, how it works, and kinda what its purpose is. What I don't understand is how to correctly place it in the URL bar? Is there a specific variable I have to type after the regular URL to separate URL from SQL injection? The pages that end in php? or =1 I can put SQL in (with no result yet of course, just the broken jpg). But if the URL ends in .php or 4/ then I get redirected to a "HTS page not found" type page. What am I missing here?


The best way to understand something like this is to build and implement it yourself. Learn PHP, HTML, and set up a MySQL database. WAMP is a good start if you're working on Windows.

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Mon Jul 07, 2014 8:12 pm
by CK01
I've solved this mission. But I think I'm very lucky when I *removed*

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Tue Jul 08, 2014 11:48 am
by cyberdrain
That is a spoiler, but I'll PM you a way to do it.

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Tue Aug 26, 2014 4:42 pm
by DoggerLiam
So today I was finally able to complete this challenge, and I'm quite upset right now.

I've been reading a lot about those SQL commands I've never had the necessity to use before, such as u**** **l, and after generating a lot of traffic and somehow using forbidden commands (I got logged out and presented with an "authorization required" 404 page or something like that), I accidentally stumbled upon the n**l tip. Good God, not after all this work, I was just a few bits from finding it for myself.

But anyway, as some sort of self-punishment, I'm digging my way through every single SQL injection blog, cheat sheet or whatever I find on the net.

Really good challenge, very well done, but I'm going to have mixed feelings about this one forever.

Sorry for this rant and as always, thank you for spreading this knowledge to the world.

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Thu Feb 26, 2015 8:29 am
by brubru
Dammit, I keep fixating on what I think is the solution and end up wasting so much time for nothing… I feel so bad for having to read this forum to go forward every time :p Oh well, on to the next one!

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Thu Feb 26, 2015 9:29 am
by cyberdrain
brubru wrote: Dammit, I keep fixating on what I think is the solution and end up wasting so much time for nothing… I feel so bad for having to read this forum to go forward every time :p Oh well, on to the next one!

If you learned something, the time is never wasted. ;)

Re: Think Very Carefully About What the SQL Commands are Doing

Posted: Thu Feb 26, 2015 6:03 pm
by f0x13
Finally got the emails!

Took me ages, but I'm glad I didn't cheat :D

The key for me was realizing the importance of the criteria for merging two tables.