Challenge 1


chest3r
Member
Registered: 16.10.15 16:31
Timezone: UTC +0
Posts: 1

Hello, I have been trying to complete this challenge and am pretty sure I know exactly what's going on.

Scenario:
1. I type my SQL statement inside the "Poke" textbox, UPDATE Users SET username="test", password="test";
Essentially, this should update all of the username and password fields in the SQLite database before I authenticate.

However, the same error message keeps on popping up: 'You do not have sufficient privileges to see this information.'

Is everything working properly for Challenge 1? Also, what am I doing wrong? Any hints would be appreciated.


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 168

It sounds like you're forgetting that the value from the Poke textbox is being used in a SQL statement already, so you need to figure out how to terminate that statement and inject your own.



FakeMessiah
Member
Registered: 15.01.12 20:07
Timezone: UTC +2
Posts: 17

Also, you should consider the case where the User database is empty, so there is nothing to update.

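The two hints above, shown from the application's side as an added example that is not part of any post in this thread and is not the challenge's own code. The table layout, the shape of the application's query and the helper names are assumptions made for illustration; the only input used is the text quoted in the first post.

```python
import sqlite3

# Constructed sample input: the text quoted in the first post.
POKE = 'UPDATE Users SET username="test", password="test";'

def make_db():
    """In-memory stand-in for the challenge database (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    return db

def build_concatenated(poke):
    """Assumed shape of the application's query: input pasted into a literal."""
    return "SELECT username FROM Users WHERE username = '" + poke + "'"

def lookup_concatenated(db, poke):
    # The application runs its own statement; the textbox only fills a slot in it.
    return db.execute(build_concatenated(poke)).fetchall()

def lookup_parameterized(db, poke):
    # Hardened form: the value is bound as data and is never parsed as SQL.
    sql = "SELECT username FROM Users WHERE username = ?"
    return db.execute(sql, (poke,)).fetchall()

def update_all(db):
    # Run directly (not through the textbox) to show the empty-table case.
    cur = db.execute("UPDATE Users SET username = 'test', password = 'test'")
    return cur.rowcount  # number of rows the UPDATE actually changed

if __name__ == "__main__":
    db = make_db()
    print(build_concatenated(POKE))        # typed text sits inside '...'
    print(lookup_concatenated(db, POKE))   # compared as text, matches nothing
    print(update_all(db))                  # empty table: no rows changed
    db.execute("INSERT INTO Users VALUES ('alice', 'secret')")
    print(update_all(db))                  # one row now exists to change
    print(lookup_parameterized(db, POKE))  # still only a value to compare
```

Printing the built statement shows the typed text sitting inside the quotes of the application's own query, which is why it is compared as a username rather than executed.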