Home News Articles Codes Affiliates Full Disclosure Forum Community Tools
IP-Info

IP-Info is a website where you can find out what your IP is as well as your user agent and information about your browser and OS. The site also has tools for looking up information about a particular IP and reverse DNS lookups. There is also a tool where you can check "is this site down" and numerous informative articles.

Die Seite gibt es auch auf Deutsch: Wie ist meine IP

Valhalla Core Utils Library

Check out the Valhalla Core Utils Library now! Our PHP library has many easy-to-use classes for tasks such as handling Memcached and MySQL connections, making cURL requests, and much more!

Check it out the documentation on the Valhalla Core Utils Website.

View the code in our Git repository here.

>
>
>

SQL1 Clarification


Xanatos
Member
Registered: 03.12.12 14:12
Timezone: UTC +1
Posts: 13
Posted on 08.01.13 08:44

I'm kinda unclear about what 'poking' means on the SQL Injection 1 chall. Could someone please explain it? I assume it must be important otherwise it wouldn't be there.

Thanks in advance. smile


Xanatos
Member
Registered: 03.12.12 14:12
Timezone: UTC +1
Posts: 13
Posted on 08.01.13 08:44

I'm kinda unclear about what 'poking' means on the SQL Injection 1 chall. Could someone please explain it? I assume it must be important otherwise it wouldn't be there.

Thanks in advance. smile


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 141
Posted on 08.01.13 10:17

All that really matters is that the poking thing basically just performs a write (e.g. INSERT, UPDATE, DELETE) on a table while you attempt to authenticate.

I'll give you a hint that this is a SQLite database, so maybe you can try googling a bit to see how something like updating is done in SQLite in PHP and how you could exploit that.

i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 141
Posted on 08.01.13 10:17

All that really matters is that the poking thing basically just performs a write (e.g. INSERT, UPDATE, DELETE) on a table while you attempt to authenticate.

I'll give you a hint that this is a SQLite database, so maybe you can try googling a bit to see how something like updating is done in SQLite in PHP and how you could exploit that.

i537.photobucket.com/albums/ff338/ynori77/archenemysig1.jpg


Xanatos
Member
Registered: 03.12.12 14:12
Timezone: UTC +1
Posts: 13
Posted on 09.01.13 08:13

Ah! I just figured it out. Thanks!

A hint for others, the poke thing gets executed right before the login is done.


Xanatos
Member
Registered: 03.12.12 14:12
Timezone: UTC +1
Posts: 13
Posted on 09.01.13 08:13

Ah! I just figured it out. Thanks!

A hint for others, the poke thing gets executed right before the login is done.