Lvl 1 is just basic!! Since I can't give you the answer, I will give as good hints as I can without giving away the answer. So a simple SQLi code that you can use is [removed]. Since it says log in as anyone, this will trick it into thinking you are signing in as someone!!!! Talk about vulnerable.
Admin: removed solution
If you are stuck, then Google for SQL injection or have a look at the Wikipedia article about it. This level is absolutely basic, so you are bound to find an example that works, even if you don't understand what's going on. And by reading the Google results or the Wikipedia article, you might even learn something.
- daMage
Well, ' or 1=1-- is usually used to evaluate a boolean condition. If you know programming you will understand what I mean. If you need help you can PM me anytime you want; I'm here almost all day, every day.
UNION ALL can be used in real life, ORDER BY, GROUP BY etc.
If I am hacking a website and I want to know how many rows etc. are in the query, I'll do this:
http://www.targetsite.com/index.php?id=6 order by 15--
If it is returning an error that says the number of columns is not found, adjust downwards till you find them,
then do this:
http://www.targetsite.com/index.php?id=6 union all 1,2,3,4,5,6,7,8,9,10--
If it works you should see numbers pop up on the page in the vulnerable columns etc. Then we try this:
http://www.targetsite.com/index.php?id=6 union all 1,@@version,USER(),4,5,6,7,8,9,10--
Etc. This is out of my head, so if I'm off let me know, but it's the basics, and don't get discouraged by sites that return no error.
It's called blind injection. You can usually evaluate this with a hashed version of the first page etc. I have done this in Perl and have a module you can use if you want to try to figure out if it is trying to redirect or if the responses differ etc. If I helped, let me know; if not, tell me to fuck off lol. Either way, I love this community and helping and getting help.
i bake therefore im fried!!
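The boolean-condition point from the post above, seen from the defending side. This is an added example, not code from the thread or from the challenge site; the `users` table, the account in it and the function names are all assumptions made for illustration, and SQLite stands in for whatever database a real login form uses.

```python
import sqlite3

def make_db():
    """In-memory table holding one constructed account (sample data only;
    a real system would store a password hash, not plaintext)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concat(db, name, password):
    """Vulnerable form: the input is pasted into the SQL text, so a quote
    in `name` ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # malformed input broke the statement
    return row[0] if row else None

def login_bound(db, name, password):
    """Hardened form: placeholders bind the input as data, so it is only
    ever compared against the stored values and never parsed as SQL."""
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None

def compare(name, password):
    """Run the same credentials through both forms on a fresh database."""
    db = make_db()
    return login_concat(db, name, password), login_bound(db, name, password)

if __name__ == "__main__":
    # With the string from the post, the concatenated WHERE clause becomes
    #   name = '' or 1=1   (everything after -- is a comment)
    # which is true for every row, so the first account is returned.
    print(compare("' or 1=1--", "x"))
    print(compare("alice", "correct-horse"))
    print(compare("alice", "wrong"))
```

The bound version rejects the string because it looks for a user literally named `' or 1=1--`, which is why parameterized queries are the standard fix for this class of login bypass.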
hackdcomputer made me laugh, calm down mate and look at what oxide said, also there is an article on SQLi in the article section.
“You don’t have enough space in your inventory”
Google this: “bypass login using SQL injection” … or
read this:
http://hackw0rm.blogspot.it/2013/02/bypass-login-using-sql-injection-strings.html
Cut&Paste
:o)
daVinciCode
JAYSSJ11- “I’d rather be hated for who I am, than loved for who I am not.”