Think Very Carefully About What the SQL Commands are Doing

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Think Very Carefully About What the SQL Commands are Doing

Post by Purple0limar on Mon Jul 19, 2010 12:33 am

I hate needing to be baby-fed this, as it seems to defeat the entire purpose, but I don't really know where else to turn.

I've gotten this far: I need to merge the results of a S***** query from a table I don't have direct access to with the results of another S***** query from an adjacent table I do have access to. I can do this by using the U**** A** command. However, the problem arises from the fact that U**** A** requires both S***** queries to ask for the same number of columns. DB1 has four columns; DB2 has only one. I know that adding I* N*** values somewhere here will remedy this by satisfying the U**** A** command's requirements, but I have absolutely no idea where they ought to go. Every combination I've tried has failed, bringing up renderings of ".jpg" but only ever one render, and nothing special in the source code.

(spoiler)
I would expect part of the problem also lies in a lack of understanding of the middleware. I don't know what's going on between the server and my browser when the php page queries the server with a ? character. I can imagine that it's saying "return all results where column 'category' has value '1'," but that's a totally unsubstantiated guess. Somebody, please, help me to understand what UNION ALL needs from NULL.
(/spoiler)

Regards,
Purple

P.S.: Like all other rational forum-posters, I'm not about to go on a vendetta if this post is modded off, as it is quite a bit spoilery; however, I would appreciate any help that mod could offer.

-- Mon Jul 19, 2010 8:56 am --

Got it.

Har har.

If anyone is having the trouble I was, here's a tip: You need to understand the query-return system that the asterisk opens with the SQL DB. Hope that helps.

So, can anyone explain why the DB was returning queries in the form of a .jpg file? That's the only part I still don't understand.

Purple
Purple0limar
New User
Posts: 2
Joined: Sat Jul 17, 2010 9:16 pm
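
The UNION ALL column-count rule that Purple0limar describes above, shown next to the query construction that lets request text reach the SQL parser and the hardened form that does not. This is an added example, not part of any poster's message and not the mission's code; the table names, column names and sample rows are assumptions constructed for a local in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, image TEXT, category INTEGER);
        CREATE TABLE subscribers (email TEXT);
        INSERT INTO products VALUES (1, 'belt', 'belt.jpg', 1), (2, 'coat', 'coat.jpg', 2);
        INSERT INTO subscribers VALUES ('a@example.test'), ('b@example.test');
    """)
    return db

BASE = "SELECT id, name, image, category FROM products"

def union_is_valid(db, second_select):
    """UNION ALL compiles only when both SELECTs yield the same column count."""
    try:
        db.execute(BASE + " UNION ALL " + second_select)
        return True
    except sqlite3.OperationalError:
        return False

def list_vulnerable(db, category):
    # Weak form: request text is concatenated into an unquoted numeric slot,
    # so whatever follows the number is parsed as SQL.
    return db.execute(BASE + " WHERE category = " + category).fetchall()

def list_hardened(db, category):
    # Hardened form: enforce the expected type, then bind the value.
    value = int(category)  # raises ValueError on anything that is not an integer
    return db.execute(BASE + " WHERE category = ?", (value,)).fetchall()

# Constructed input of the kind discussed in the thread: NULL fills each
# column the one-column table cannot supply.
CRAFTED = "1 UNION ALL SELECT NULL, email, NULL, NULL FROM subscribers"

if __name__ == "__main__":
    db = make_db()
    print(union_is_valid(db, "SELECT email FROM subscribers"))
    print(union_is_valid(db, "SELECT NULL, email, NULL, NULL FROM subscribers"))
    print(len(list_vulnerable(db, CRAFTED)), "rows from the concatenated query")
    print(list_hardened(db, "1"))
    try:
        list_hardened(db, CRAFTED)
    except ValueError as exc:
        print("rejected:", exc)
```

With the bound parameter the value can only ever be compared against `category`; it is never parsed as part of the statement, whatever it contains.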


Re: Think Very Carefully About What the SQL Commands are Doing

Post by c0ke on Tue Jul 20, 2010 1:37 am

First of all I just want to express a BIG thank you to the HTS staff. I'm learning so much, and I wouldn't know as much as I do now (not that much) if it weren't for you guys. Thanks <3

I really don't want to post any spoilers but I read through the thread and I think this will all be kosher.
Now, I know that I have to SELECT * from two different tables, most likely using a form of the UNION command. However, I know that the column is an unknown. I've had quite a few haphazard attempts to join all of the info I need with the unknown NULL columns. However, I'm really not sure how to order the command... I'm having a hard time finding information about NULL commands. http://w3schools.com/sql/sql_null_values.asp is a good place, but I'm not finding what I need. I know I'm close but I really need a nudge in the right direction. Sorry this is so long. I didn't intend on writing a book here lols.

Thanks A lot. <3
c0ke
New User
Posts: 5
Joined: Mon Jun 14, 2010 7:31 am


Re: Think Very Carefully About What the SQL Commands are Doing

Post by LGdrummer on Mon Aug 16, 2010 11:25 pm

I need help. I read through the entire forum and don't understand what I'm doing wrong. I understand SQL injections and I know where to use them. I use SELECT * FROM E****, but I just get directed to a broken image page. Other people have been told to check the source code. I did that but I don't know what I'm supposed to be looking for. Can someone please point me in the right direction?
LGdrummer
New User
Posts: 4
Joined: Fri Aug 13, 2010 12:19 am


Re: Think Very Carefully About What the SQL Commands are Doing

Post by XORMeBaby on Thu Aug 19, 2010 1:46 pm

LGdrummer wrote: Other people have been told to check the source code. I did that but I don't know what I'm supposed to be looking for. Can someone please point me in the right direction?

Read the mission info.

Also, broken images means you are getting close but still not accessing it right.
XORMeBaby
Experienced User
Posts: 96
Joined: Thu Jul 22, 2010 11:32 pm


Re: Think Very Carefully About What the SQL Commands are Doing

Post by the0nlyb0ss on Mon Sep 06, 2010 4:36 pm

People keep saying you need to join two tables.... but wtf is the second table?? :cry:
Also... I hope this isn't much of a spoiler, but am I supposed to type the SQL command after the '?' or after the 'category=' part??
Thanks :shock:
"Knowledge is knowing that a tomato is a fruit, but Wisdom is knowing not to put it in a fruit salad."
the0nlyb0ss
Experienced User
Posts: 54
Joined: Thu Sep 02, 2010 11:24 pm
Location: California


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Dav3minga on Wed Oct 13, 2010 5:00 pm

the0nlyb0ss wrote: People keep saying you need to join two tables.... but wtf is the second table?? :cry:
Also... I hope this isn't much of a spoiler, but am I supposed to type the SQL command after the '?' or after the 'category=' part??
Thanks :shock:


Read the post entirely. I did it and it was very helpful.
So after many and many hours, I understand the "order by" trick. Pay attention to documentation links, and read all. Read and understand.
The evil that men do lives after them; The good is oft interred with their bones -=William Shakespeare=-
Dav3minga
New User
Posts: 7
Joined: Sun Oct 10, 2010 11:46 am


Re: Think Very Carefully About What the SQL Commands are Doing

Post by ktm on Wed Nov 17, 2010 10:24 pm

Why is it necessary to union the two tables in the first place?
ktm
New User
Posts: 2
Joined: Wed Nov 17, 2010 5:23 pm


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Nathalos on Tue Dec 28, 2010 8:17 am

I'm stumped. Still can't figure out how to perform the injection. I know where to do it now, but formatting it is a pain.

I've been trying to emulate a valid query by replacing the original page's
2
with
2' AND '1' = '1
or
2'; --

but both of those return an invalid query - returns me a single broken image - so I can't figure out the syntax of the original query, and if I can't figure out the syntax of the original query, I can't figure out how to write a valid query-fragment to inject. The only thing I've noticed is that an empty query (using 3) returns a different result from an erroneous query (like the examples above), but that doesn't help at all.

I'm really, really stuck here. Help!
Nathalos
New User
Posts: 7
Joined: Tue Dec 28, 2010 5:19 am


Re: Think Very Carefully About What the SQL Commands are Doing

Post by msbachman on Tue Dec 28, 2010 10:49 pm

Nathalos wrote:I'm stumped. Still can't figure out how to perform the injection. I know where to do it now, but formatting it is a pain.


Edit: I reread your post and you'd do better to just re-read the last two to three pages on this thread. I don't think you're close enough to get a final nudge. Hint: you are quite a bit off on those lines you listed above.
"I'm going to get into your sister. I'm going to get my hands on your daughter."
~Gatito
msbachman
Contributor
Posts: 681
Joined: Mon Jan 12, 2009 10:22 pm
Location: In the sky lol


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Nathalos on Wed Dec 29, 2010 10:03 pm

msbachman wrote:
Nathalos wrote:I'm stumped. Still can't figure out how to perform the injection. I know where to do it now, but formatting it is a pain.


Edit: I reread your post and you'd do better to just re-read the last two to three pages on this thread. I don't think you're close enough to get a final nudge. Hint: you are quite a bit off on those lines you listed above.


Will give it another shot. Thanks.

Edit: DAMMIT, now I see what I was doing wrong. So simple... but I never considered the possibility that the original query was formatted that way. *facepalm* Thanks.
Nathalos
New User
Posts: 7
Joined: Tue Dec 28, 2010 5:19 am

