Got username but still can't login

SQLi 2

w3bdrill3r
11 years ago

0

I got the username of the admin using injection, but when I use the same query to try to get the password, the reply is empty :(

Can anyone help, please?

10 replies
6 voices
420 views
w3bdrill3r
11 years ago

0

I did it :D
If anyone has the same problem, then try to use UNION ALL SELECT, not UNION SELECT.

BitSec01
11 years ago

0

I did the following. If you want to figure it out by yourself, don't watch.

I tried http://www.hackthis.co.uk/levels/s2.php?browse&q=' UNION ALL SELECT 1,2-- and it didn't work. I only got the name but can't find the password, and I don't know how to find it.

Wibben
11 years ago

0

Think about it: what did UNION ALL SELECT return? Why did you use UNION ALL SELECT 1,2--? Oh, and the column names are username, admin, and password, just to let you know.

jack222
11 years ago

0

First I thought to use havij.rar, but then I thought using havij won't be a wise thing to do because it won't help me to learn SQL; this is just a shortcut to find the username and password.

jeadelmer
11 years ago

0

Try something else and proceed to the problem and it will start…

Just try..

PEACE

? [FreakILL]
11 years ago

0

Just try to pick it directly from the password column.
You can add a condition to the end so that you just get the password of the user with the name of the admin, so it should be pretty easy when you are already into it.

Wibben
11 years ago

0

One way to do it is to find the admins, the admin’s username, and password separately, or the second way is to use a WHERE statement to get the admin’s username, then the password. A note here should be that one tries to find them one at a time, and from the same vulnerability. I think I’ve already said too much.

? [FreakILL]
11 years ago

0

Easy anyway.. You just have to get into it; after doing that it’s pretty easy.
You should always start with generating an error to see what the SQL part looks like.. Then you can easily inject it and find first the admin then the password..

Wibben
11 years ago | edited 11 years ago

0

I don’t know if we’re allowed to tell this, but the password is in >> SHA-1

? [FreakILL]
11 years ago

0

Don’t think this will be any problem.. When you have got the password, there are many ways to find its real value.
But I wouldn’t call it ‘encrypted’; it still sounds like you could decrypt it, and that’s not really possible.
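
Added example, not part of any post in this thread: the string BitSec01 quotes, sent to a query built by string concatenation and to the same query with a bound parameter, to show why binding closes the hole. The members table, its rows and both function names are constructed for illustration (only the column names come from the thread), and SQLite stands in for whatever database the level runs on.

```python
import sqlite3

# The input quoted in the thread.
PAYLOAD = "' UNION ALL SELECT 1,2--"


def make_db():
    # Constructed sample data; the table layout is an assumption that uses
    # the column names mentioned in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, admin INTEGER, password TEXT)")
    db.executemany(
        "INSERT INTO members VALUES (?, ?, ?)",
        [("alice", 0, "<sha1-placeholder-a>"), ("bob", 1, "<sha1-placeholder-b>")],
    )
    return db


def browse_vulnerable(db, q):
    # User input is pasted into the SQL text. A quote in q ends the string
    # literal, and whatever follows is parsed as part of the statement.
    sql = "SELECT username, admin FROM members WHERE username LIKE '" + q + "%'"
    return db.execute(sql).fetchall()


def browse_parameterized(db, q):
    # The statement text is fixed. q is bound as a value and only ever
    # compared against usernames, never parsed as SQL.
    sql = "SELECT username, admin FROM members WHERE username LIKE ? || '%'"
    return db.execute(sql, (q,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("normal search, concatenated: ", browse_vulnerable(db, "al"))
    print("thread input, concatenated:  ", browse_vulnerable(db, PAYLOAD))
    print("thread input, parameterized: ", browse_parameterized(db, PAYLOAD))
    print("normal search, parameterized:", browse_parameterized(db, "al"))
```

With binding, the search still honours the LIKE wildcards % and _ inside q, so escape them separately if a literal match is required.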
