Valhalla Forum - Challenge 1

Home News Articles Codes Affiliates Full Disclosure Forum Community Tools

IP-Info

IP-Info is a website where you can find out what your IP is as well as your user agent and information about your browser and OS. The site also has tools for looking up information about a particular IP and reverse DNS lookups. There is also a tool where you can check "is this site down" and numerous informative articles.

Die Seite gibt es auch auf Deutsch: Wie ist meine IP

Valhalla Core Utils Library

Check out the Valhalla Core Utils Library now! Our PHP library has many easy-to-use classes for tasks such as handling Memcached and MySQL connections, making cURL requests, and much more!

Check it out the documentation on the Valhalla Core Utils Website.

View the code in our Git repository here.

Home

Forum

SQLInjection Challenges

Challenge 1

chest3r

Member
Registered: 16.10.15 16:31
Timezone: UTC +0
Posts: 1

Posted on 16.10.15 17:25

Hello I have been trying to complete this challenge and am pretty sure I know exactly what's going on.

Scenario:
1. I type my SQL statement inside the "Poke" textbox, UPDATE Users SET username="test", password="test";
essentially this should update all of the username and password fields in the SQLite Database before i authenticate.

however the same error message keeps on popping up 'You do not have sufficient privileges to see this information.'

Is everything working properly for Challenge 1? Also what am i doing wrong? Any hints would be appreciated.

ynori7

Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 154

Posted on 18.10.15 15:06

It sounds like you're forgetting that the value from the Poke textbox is being use in a SQL statement already, so you need to figure out how to terminate that statement and inject your own.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg

Member
Registered: 15.01.12 20:07
Timezone: UTC +2
Posts: 14

Posted on 19.11.15 05:03

Also, you should consider the case where the User database is empty, so there is nothing to update.

1

Tweets

Follow @HallsOfValhalla

Feb 10
Igal Tabachnik @hmemcpy

Holy. Effin. Shit. bleepingcomputer.com/news/security/… https://t.co/T5uavNBIj1
Feb 09
Valhalla @HallsOfValhalla

Seems like an interesting idea. The "supercookie", leveraging the modern browser's special cache for favicons. github.com/jonasstrehle/s…
Jan 26
Valhalla @HallsOfValhalla

scottfinlayauthor.com/articles/hacki… #infosec #CyberSecurity #phishing #privacy #hacking #security #movies
Jan 24
Scott Finlay @SFinlayAuthor

Hackers are by far one of the most falsely-represented things in media of all forms. It's time to shed some light o… twitter.com/i/web/status/1…
Jan 17
Scott Finlay @SFinlayAuthor

Everyone has used software and read a novel, but it may surprise you to learn just how similar the processes are.… twitter.com/i/web/status/1…