Basic web hacking 8 :: simple SQL
by Arxleol on Monday 16.11.2009, under hellboundhackers.org, tutorial
In the previous mission we used some simple SQL; this time we will use almost the same principle. Here is the introduction to the mission:
This time Drake invented a secure PHP and mySQL login, so only his family can login, but the script wasn’t as secure as he thought it would be.
First things first: let's try entering some password.
We obtain the following result:
Please Login
SQL Query Error: SELECT * FROM family_db WHERE password='ffdfd'
Your Password was not found in our database
Wrong SQL query
Now, from the returned error we can see the exact SQL query that was executed and that the table it reads from is named family_db.
If we try our simple SQL injection ' OR 1=1 we find that it does not work on this script. So let's examine the source code of the error page.
If you examine the source code closely you may notice the following line:
<!-- ?sql_query -->Wrong SQL query
The commented-out part at the start of the line is probably a hint that you should use GET variables.
Once you have figured this out, try entering the following URL:
http://www.hellboundhackers.org/challenges/basic8/secure-area.php?sql_query=SELECT * FROM family_db
I would also like to explain the SQL query for beginners:
SELECT * FROM family_db
This SQL query reads all the values in every row and column of the family_db table.
The page obtained after entering the URL is:
Your password is KingKong
Try entering the received password.
+30 points
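The two weaknesses this mission relies on, an error page that echoes the SQL query and a script that runs whatever arrives in the sql_query GET variable, are shown below next to a hardened handler. This is an added example, not the challenge's real code: the Python functions, the in-memory SQLite table standing in for MySQL, and every column name are assumptions; only the table name family_db and the messages come from the page.

```python
import hashlib
import hmac
import os
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the MySQL family_db table.
    # The plaintext column exists only so the vulnerable handler can be demonstrated.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE family_db (name TEXT, password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", b"KingKong", salt, 100_000)
    db.execute("INSERT INTO family_db VALUES (?, ?, ?, ?)", ("drake", "KingKong", salt, digest))
    return db

def vulnerable_handler(db, params):
    # Flaw 1: a client-supplied sql_query parameter is executed verbatim.
    if "sql_query" in params:
        try:
            row = db.execute(params["sql_query"]).fetchone()
            return "Your password is %s" % row[1]
        except (sqlite3.Error, TypeError, IndexError):
            return "Wrong SQL query"
    password = params.get("password", "")
    if db.execute("SELECT 1 FROM family_db WHERE password = ?", (password,)).fetchone():
        return "Welcome"
    # Flaw 2: the error page echoes the query text, exposing the table and column names.
    return "SQL Query Error: SELECT * FROM family_db WHERE password='%s'" % password

def hardened_handler(db, params):
    # Only the expected field is read; an extra sql_query parameter is never consulted.
    password = params.get("password", "").encode()
    # Fixed statement, no client text in the SQL; stored values are salted hashes.
    for salt, pw_hash in db.execute("SELECT salt, pw_hash FROM family_db"):
        candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
        if hmac.compare_digest(candidate, pw_hash):
            return "Welcome"
    # Generic failure message: no SQL text and no schema details reach the client.
    return "Login failed"
```

The hardened handler never returns a stored secret and never reflects query text, so neither the error page nor an extra GET variable tells a visitor anything about the schema.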