Username: 
Password: 
Restrict session to IP 

What do I DO  Go to the Training: MySQL I challenge

Global Rank: 6388
Totalscore: 1953
Posts: 8
Thanks: 5
UpVotes: 5
Registered: 1y 301d
Last Seen: 1y 272d
The User is Offline
What do I DO
Google/translate1Thank You!1Good Post!0Bad Post! link
What am I meant to do here? I've exhausted every resource I could find on SQL injection and the only thing I can get is a database error.
Global Rank: 32
Totalscore: 314526
Posts: 183
Thanks: 184
UpVotes: 206
Registered: 16y 297d
livinskull`s Avatar





Last Seen: 21h 44m
The User is Offline
RE: What do I DO
Google/translate1Thank You!2Good Post!0Bad Post! link
Maybe take your time and don't try to rush things Smile

This is based on one of the simplest SQLI techniques, which is also the most widespread thing you should find when researching.
But of course, you can't just always simply copy paste a solution and hope that it works.

A database error is a good start, actually.
Check out the source code, and look where and how you can potentially influence the query executed.
Global Rank: 6388
Totalscore: 1953
Posts: 8
Thanks: 5
UpVotes: 5
Registered: 1y 301d
Last Seen: 1y 272d
The User is Offline
RE: What do I DO
Google/translate1Thank You!1Good Post!0Bad Post! link
Yeah, uh, problem with that, I'd already tried to use the source code to come up with my own input, and uh

Didn't work, gave the error again
Global Rank: 1
Totalscore: 758910
Posts: 437
Thanks: 497
UpVotes: 470
Registered: 15y 152d












The User is Offline
RE: What do I DO
Google/translate1Thank You!2Good Post!0Bad Post! link
I'd say the best way to understand what is happening is to run the code locally. That way you can debug it a bit (e.g. add some extra output) to see what is really happening.

Now, to really run the same code locally might be a bit involved, but setting up your own webserver with PHP and SQL will be useful for more than just this challenge. If you don't want to go that far now, you can get a long way by playing with online sandboxes that are available these days. Just make sure that for SQL the sandbox is using the same language variant as the challenge is (MySQL or MariaDB).
Global Rank: 227
Totalscore: 94360
Posts: 1684
Thanks: 1360
UpVotes: 920
Registered: 16y 314d




Last Seen: 1d 11h
The User is Offline
RE: What do I DO
Google/translate0Thank You!1Good Post!0Bad Post! link
I'd break a quote for this: 'Good Luck's'!
The geeks shall inherit the properties and methods of object earth.
tunelko, jjsorianor, Redknee, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 1367 times.