Challenge 2


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159

When you have code like this:

mysql_query("select a from b where b.username='$x' and b.password='$y'")

And you enter Admin' " );-- then you'll get:

mysql_query("select a from b where b.username='Admin' \" );--' and b.password='whatever'")

and that's invalid syntax for a SQL query. You're just able to insert SQL code, not PHP code.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159

When you have code like this:

mysql_query("select a from b where b.username='$x' and b.password='$y'")

And you enter Admin' " );-- then you'll get:

mysql_query("select a from b where b.username='Admin' \" );--' and b.password='whatever'")

and that's invalid syntax for a SQL query. You're just able to insert SQL code, not PHP code.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2

Is the username case sensitive and is the user name literally "Admin"?


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2

Is the username case sensitive and is the user name literally "Admin"?


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159

khr0x40sh wrote:
Is the username case sensitive and is the user name literally "Admin"?

Well part of the challenge is figuring that out, but yeah, you should assume that.

And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 159

khr0x40sh wrote:
Is the username case sensitive and is the user name literally "Admin"?

Well part of the challenge is figuring that out, but yeah, you should assume that.

And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

halls-of-valhalla.org/beta/bundles/valhallabase/img/sigs/archenemysig.jpg


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2

ynori7 wrote:
And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

This makes me so mad, angry lol, glad it is working now.


khr0x40sh
Member
Registered: 13.05.14 15:00
Timezone: UTC +0
Posts: 2

ynori7 wrote:
And just FYI, the SQL injection challenges were not working properly due to updates. They should be fixed now.

This makes me so mad, angry lol, glad it is working now.