Certified Secure Challenges - Over challenges en dergelijke

Date my ports (at 75%)

19-02-2019, 14:54 door sash, 4 reacties
I am stuck at 75% for a long time. I am unable to do the SQL Injection . Tried all possible ways. Can someone give me a hint on how to proceed?
Reacties (4)
20-02-2019, 11:32 door Anoniem
We can't tell you how it is done, but think about this:

- Which field is vulnerable?
- What is the SQL statement that is being executed when everything is normal?
- What is the normal behaviour of the fields?
- Where/how can I see things that aren't visible?

Or else look for help in the IRC channel

Hope this helps
21-02-2019, 11:20 door sash
Door Anoniem: We can't tell you how it is done, but think about this:

- Which field is vulnerable?
- What is the SQL statement that is being executed when everything is normal?
- What is the normal behaviour of the fields?
- Where/how can I see things that aren't visible?

Or else look for help in the IRC channel

Hope this helps

Thanks for the info. But I dont understand what you meant by "SQL executed when everything is normal". I found out that there are hidden fields in the form and it is POST data. But no SQL query is giving any results.
21-02-2019, 16:11 door Anoniem
Door sash:
Door Anoniem: We can't tell you how it is done, but think about this:

- Which field is vulnerable?
- What is the SQL statement that is being executed when everything is normal?
- What is the normal behaviour of the fields?
- Where/how can I see things that aren't visible?

Or else look for help in the IRC channel

Hope this helps

Thanks for the info. But I dont understand what you meant by "SQL executed when everything is normal". I found out that there are hidden fields in the form and it is POST data. But no SQL query is giving any results.

Have you looked on stackoverflow? You'd have more luck posting your question there. Good luck!
21-02-2019, 22:02 door Anoniem
Door Anoniem:

Thanks for the info. But I dont understand what you meant by "SQL executed when everything is normal". I found out that there are hidden fields in the form and it is POST data. But no SQL query is giving any results.

What is the normal behaviour of the form?
Maybe you’re looking in the wrong place.
Look in the IRC channel for extra help. The solution won’t be told here
Reageren

Deze posting is gelocked. Reageren is niet meer mogelijk.