Home News Articles Codes Affiliates Full Disclosure Forum Community Tools
IP-Info

IP-Info is a website where you can find out what your IP is as well as your user agent and information about your browser and OS. The site also has tools for looking up information about a particular IP and reverse DNS lookups. There is also a tool where you can check "is this site down" and numerous informative articles.

Die Seite gibt es auch auf Deutsch: Wie ist meine IP

Valhalla Core Utils Library

Check out the Valhalla Core Utils Library now! Our PHP library has many easy-to-use classes for tasks such as handling Memcached and MySQL connections, making cURL requests, and much more!

Check it out the documentation on the Valhalla Core Utils Website.

View the code in our Git repository here.

>
>
>

Challenge 1


chest3r
Member
Registered: 16.10.15 16:31
Timezone: UTC +0
Posts: 1
Posted on 16.10.15 17:25

Hello I have been trying to complete this challenge and am pretty sure I know exactly what's going on.

Scenario:
1. I type my SQL statement inside the "Poke" textbox, UPDATE Users SET username="test", password="test";
essentially this should update all of the username and password fields in the SQLite Database before i authenticate.

however the same error message keeps on popping up 'You do not have sufficient privileges to see this information.'

Is everything working properly for Challenge 1? Also what am i doing wrong? Any hints would be appreciated.


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 144
Posted on 18.10.15 15:06

It sounds like you're forgetting that the value from the Poke textbox is being use in a SQL statement already, so you need to figure out how to terminate that statement and inject your own.

i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg


FakeMessiah
Member
Registered: 15.01.12 20:07
Timezone: UTC +2
Posts: 14
Posted on 19.11.15 05:03

Also, you should consider the case where the User database is empty, so there is nothing to update.

i.imgur.com/JJQwa.png