Page 5 of 52

Re: Working On Finding Emails

PostPosted: Sun May 25, 2008 10:15 pm
by Logician
Damascus2k8 wrote:
Karate-Boy wrote:Can somebody help me to receive the e-mails? I know it must be done with a SQL Injection, but nothing works :(


If you are doing it right, the page should come up with what looks like invalid/blank images, so just check the page source for your answers.


I'm really stuck on this one! :oops:
I see the broken image (not images) and look in the source and the emails aren't there.
I think it is a syntax problem with my SQL injection. :|
I'm using the SELECT * FROM email statement.
I apologize for any spoilers! (I haven't said anything that hasn't been said elsewhere.)
any help? (PM me if you think it is a spoiler)

Re: Working On Finding Emails

PostPosted: Mon May 26, 2008 1:49 pm
by Damascus2k8
Logician wrote:I'm really stuck on this one! :oops:
I see the broken image (not images) and look in the source and the emails aren't there.
I think it is a syntax problem with my SQL injection. :|
I'm using the SELECT * FROM email statement.
I apologize for any spoilers! (I haven't said anything that hasn't been said elsewhere.)
any help? (PM me if you think it is a spoiler)


You're on the right track Logician, but you need more in that statement, you are trying to get the contents of another table except the products one, try googling for the 'UNION' command to join queries together.

And a hint on how to get that other tables name: hmmm maybe you should join the mailing list?

I have just submitted an article on this mission as ive seen a few people having difficulties wih this one, so check the HTS articles section often. (don't know how long it takes for them to be accepted)

Hope that helps without giving too much away :D

Re: Working On Finding Emails

PostPosted: Thu May 29, 2008 3:23 pm
by rip06
Damascus2k8 wrote:
Logician wrote:I'm really stuck on this one! :oops:
I see the broken image (not images) and look in the source and the emails aren't there.
I think it is a syntax problem with my SQL injection. :|
I'm using the SELECT * FROM email statement.
I apologize for any spoilers! (I haven't said anything that hasn't been said elsewhere.)
any help? (PM me if you think it is a spoiler)


You're on the right track Logician, but you need more in that statement, you are trying to get the contents of another table except the products one, try googling for the 'UNION' command to join queries together.

And a hint on how to get that other tables name: hmmm maybe you should join the mailing list?

I have just submitted an article on this mission as ive seen a few people having difficulties wih this one, so check the HTS articles section often. (don't know how long it takes for them to be accepted)

Hope that helps without giving too much away :D


I can't seem to find that article:( still i'm stuck i get the broken image but no code i the source....any hints?

Re: Working On Finding Emails

PostPosted: Thu May 29, 2008 6:10 pm
by Damascus2k8
My apologies, i meant search for the 'UNION ALL' command :D

There isn't much i can say without basically giving you the command to use so, go here, then try and picture what the code would look like in the PHP file.

If you are getting the broken image then you are obviously on the right track so,
after knowing what the 'UNION ALL' command does you should have no trouble combining it with what you are already using, thus getting what you want.

Hope that helps. If not you know what to do? (PM...duh!) ;)

Btw: The article got rejected (too many spoilers i guess... :( ) so sorry about that.

Re: Working On Finding Emails

PostPosted: Thu May 29, 2008 9:25 pm
by dr_monstor
Hi there
I have no idea to send the private message to SaveTheWhales. And I don't know why it shows me the erro message "You must specify a subject when composing a new message." and "No recipient defined", when I sent the private message. So disable "Do not automatically parse URLs" already, if don't do it, error message as "Your message contains too many URLs. The maximum number of URLs allowed is 7."

Thx alot
dr_monstor

Re: I found the list...

PostPosted: Thu May 29, 2008 9:43 pm
by dr_monstor
Done it, you can send the private message in your profile :!: :!:

Re: Working On Finding Emails

PostPosted: Fri May 30, 2008 5:02 pm
by Damascus2k8
dr_monstor wrote:Hi there
I have no idea to send the private message to SaveTheWhales. And I don't know why it shows me the erro message "You must specify a subject when composing a new message." and "No recipient defined", when I sent the private message. So disable "Do not automatically parse URLs" already, if don't do it, error message as "Your message contains too many URLs. The maximum number of URLs allowed is 7."

Thx alot
dr_monstor


You have to use the old messaging system on the main page under skin chooser, not the new phpBB system. You can put whatever you want in the subject box but make sure you get the recipient right.

Hope that helps
Greetz.

Re: Working On Finding Emails

PostPosted: Thu Jun 05, 2008 10:46 pm
by Sk1pp3r
Still having trouble with this one.. I know I'm close.

I've successfully crafted a statement (just as a sanity check that I've got the syntax right, and going down the right path), that uses the UNION ALL command, and SELECT * FROM PRODUCTS. What returns essentially is all of the .jpg images on one page, and infact, even displays some duplicate .jpg files, as it should when using UNION ALL command (which, in and of itself was a minor victory).

Now, I'm still struggling to replace PRODUCTS with the right thing. I've gone to the main page, and "experimented" with the input field, so I'm fairly certain I'm using the right table name. And I've tried every permutation of case sensitivity (including using double quotes and without). The "source" just never reveals anything.

Gentle prodding anyone?

Re: Working On Finding Emails

PostPosted: Fri Jun 06, 2008 5:19 pm
by carltherune
I know that I need SELECT and UNION but I don't know the name of the tables.

Re: Working On Finding Emails

PostPosted: Fri Jun 06, 2008 7:08 pm
by Sk1pp3r
Just a quick hint on learning the tables. Take a look at the process that you would use to join the mailing list. Take note of when it works correctly, and when it doesn't. That might give you a clue.