Home News Articles Codes Affiliates Full Disclosure Forum Community Tools
IP-Info

IP-Info is a website where you can find out what your IP is as well as your user agent and information about your browser and OS. The site also has tools for looking up information about a particular IP and reverse DNS lookups. There is also a tool where you can check "is this site down" and numerous informative articles.

Die Seite gibt es auch auf Deutsch: Wie ist meine IP

Valhalla Core Utils Library

Check out the Valhalla Core Utils Library now! Our PHP library has many easy-to-use classes for tasks such as handling Memcached and MySQL connections, making cURL requests, and much more!

Check it out the documentation on the Valhalla Core Utils Website.

View the code in our Git repository here.

>
>
>

Challenge 2


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159
Posted on 15.11.13 16:55

When you have code like this:

mysql_query("select a from b where b.username='$x' and b.password='$y'")

And you enter Admin' " );-- then you'll get:

mysql_query("select a from b where b.username='Admin' \" );--' and b.password='whatever'")

and that's invalid syntax for a SQL query. You're just able to insert SQL code, not PHP code.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159
Posted on 15.11.13 16:55

When you have code like this:

mysql_query("select a from b where b.username='$x' and b.password='$y'")

And you enter Admin' " );-- then you'll get:

mysql_query("select a from b where b.username='Admin' \" );--' and b.password='whatever'")

and that's invalid syntax for a SQL query. You're just able to insert SQL code, not PHP code.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2
Posted on 16.05.14 20:47

Is the username case sensitive and is the user name literally "Admin"?


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2
Posted on 16.05.14 20:47

Is the username case sensitive and is the user name literally "Admin"?


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159
Posted on 18.05.14 13:33

khr0x40sh wrote:
Is the username case sensitive and is the user name literally "Admin"?

Well part of the challenge is figuring that out, but yeah, you should assume that.

And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159
Posted on 18.05.14 13:33

khr0x40sh wrote:
Is the username case sensitive and is the user name literally "Admin"?

Well part of the challenge is figuring that out, but yeah, you should assume that.

And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2
Posted on 19.05.14 13:26

ynori7 wrote:
And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

This makes me so mad, angry lol, glad it is working now.


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2
Posted on 19.05.14 13:26

ynori7 wrote:
And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

This makes me so mad, angry lol, glad it is working now.