scratching my head

SQLi 2

ghoststalker
11 years ago

0

I dunno, I've tried admin and 1'or'1'='1
and a bunch of others. I'm gonna do something I don't normally do: can someone help me out? :)

CygnusH33L
11 years ago

0

Where are you trying to inject that code to? Have a look at this thread, quite a few clues have been posted :D

ghoststalker
11 years ago

0

Been trying the un and pw, tried the URL, no go.

ghoststalker
11 years ago

0

ORDER BY column number 3 out of range - should be between 1 and 2
DEBUG: SELECT username, admin FROM members WHERE username LIKE 'a' order by 3--%'
This is what I'm getting. I put 1: no members found. Same with 2, says to choose a name with 'a', nothing there. Dang it, I've come so far to get stuck :(

fallenonehf
11 years ago

0

The first line of the error means that it has 2 columns.
Why do we have to know this? Because when we want to get information from the database we use:
q=a' union all select 1,2-- this way we can select the columns in the database.
Now when you do this, you’ll get ‘1’ as a response, which means that column 1 is vulnerable.
You have to learn how to exploit MSQL servers in order to complete this level; here is a great article by daMage:
http://www.hackthis.co.uk/articles/about-sql-injections-with-ms-sql-server
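Added example, not part of any post in this thread and not the site's code: the query shape from the DEBUG line above, built by string concatenation and then with a bound parameter, showing why the first returns the `1,2` row or an error that reveals the column count while the second treats the same input as plain data. It assumes an in-memory SQLite database; the sample rows and the function names are constructed for illustration.

```python
import sqlite3

PAYLOAD = "a' union all select 1,2--"   # the q value quoted in the thread

def make_db():
    # Constructed sample rows; table and columns follow the DEBUG line above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, admin INTEGER)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [("alice", 0), ("andy", 0), ("bob", 1)])
    return db

def search_vulnerable(db, q):
    # q is pasted into the SQL text, so a quote in q closes the string literal
    # and the rest of q is parsed as SQL.
    sql = "SELECT username, admin FROM members WHERE username LIKE '" + q + "%'"
    return db.execute(sql).fetchall()

def search_safe(db, q):
    # Escape LIKE wildcards, then bind the value: q can only ever be data.
    esc = q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT username, admin FROM members WHERE username LIKE ? ESCAPE '\\'"
    return db.execute(sql, (esc + "%",)).fetchall()

def handle(search, db, q):
    # What the client sees: rows, or a generic message. The database error
    # text (which gave away the column count in the thread) stays server-side.
    try:
        return {"ok": True, "rows": search(db, q)}
    except sqlite3.Error:
        return {"ok": False, "rows": [], "message": "search failed"}

if __name__ == "__main__":
    db = make_db()
    for fn in (search_vulnerable, search_safe):
        for q in ("a", PAYLOAD, "a' order by 3--"):
            print(fn.__name__, repr(q), handle(fn, db, q))
```
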

ghoststalker
11 years ago

0

Thanks, I'll try and figure it out from that.

some one [darthvidre]
11 years ago

0

fallenonehf, OK bro, we all got to that 1 thing, but the problem is what next? Please, some help?? And please don’t tell me to read the article, because I did and it was useful to some point.

ghoststalker
11 years ago

0

Lol, still working on it. Can't seem to find the admin name. I found the place and 1, can't seem to figure this one out. I guess I flunk lol

some one [darthvidre]
11 years ago

0

Lol indeed, I’m working on it right now.

[deleted user]
11 years ago

0

All you guys that are having problems solving this level: there is, like fallenonehf said, a good article by daMage here: daMage’s article

There is also a website I had a look at too and I learned quite a bit from it too.
It is here: It is called SQL Injection Cheat Sheet. Worth a read.

Another good source to learn UNION is from here: w3schools

ghoststalker
11 years ago

0

Actually I've been studying that and trying different things and I still nada nothing nigh ne'tienda

[deleted user]
11 years ago

0

Keep it up mate and you will crack it and feel better for it because you did it yourself. :)

ghoststalker
11 years ago

0

I hope. I think I may crack lol. I'm not the type that lets things go. Guess ya could say I'm a cracker amongst other things.

valentinhot
11 years ago

0

Hi, I don't know if this can help, there's a site called jenerateur credit card, it has codes and everything, but anyway, for me, I can't get it to work.

Gremall
11 years ago

0

Hi valentinhot, you need to write in English so that the others can understand you ;)
“This is an English-only forum, all posts containing other languages will be removed”

Thomas [25thomasoooo]
11 years ago

0

Someone help me, I entered this URL

http://www.hackthis.co.uk/levels/s2.php?browse&q=a%27%20union%20all%20select%201,2--

and I got “1”. I know that means there's one vulnerable column, but I don’t know where to go from there???


0

You're on the right track, but there is more than 1 column ;)

Skip [Sirskip]
11 years ago

0

Why might I get the error
unrecognized token: “@”

Pawda [Memoria]
11 years ago

0

Maybe because “@” is an unrecognized token xD

Skip [Sirskip]
11 years ago

0

Thanks, would have never thought of that
