Questions and Answers

9

by ferminsr in Challenge Help about May 22, 2017 closed

Basic 24 - SQLi 4

Hi!

I've been trying this one for a very long time but I am completely stuck.

So far I know the table name where the info I'm looking for should be stored. I also know the query that the website runs to store the IP and useragent. I got the query from an error that I get constantly that says "Could not successfully run query **** from DB:". I don't understand the last part of this error and can't find any information about it.

Any advice or help would be appreciated.

Thanks in advance!

Answers: 2 • Score 0 • Views: 563
  • 116

    by Nightraven about May 23, 2017 Best answer

    DB = database. That should be obvious. Now, a quick Google tells you what the query does. Know that the actual query shown in the error is not, by itself, exploitable. What you need is a "second order SQL injection".

    Now Google away! ;)

  • 2

    by furiuz about May 23, 2017

    If you know the query, think about how to exploit that query!

    Copy-pasting the query into a text editor to craft a valid one might help; running code locally might help as well.

    If you can't find any information about this, you did not look hard enough; tons of info out there.

Question was closed.
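
Added example, not part of the original thread or the challenge's own code: a local sketch of why a "second order SQL injection" exists even when the query that stores the IP and useragent is safe, and how the later query is fixed. The table names, function names and sample values are assumptions made up for illustration.

```python
import sqlite3

def make_db():
    # Hypothetical schema: one table that logs each visitor's IP and useragent.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (ip TEXT, useragent TEXT)")
    return db

def log_visit(db, ip, useragent):
    # First order: the INSERT binds its values, so storing them is safe.
    db.execute("INSERT INTO visits (ip, useragent) VALUES (?, ?)", (ip, useragent))

def stored_useragent(db, ip):
    row = db.execute("SELECT useragent FROM visits WHERE ip = ?", (ip,)).fetchone()
    return row[0]

def count_hits_unsafe(db, ip):
    # Second order: the stored value is treated as trusted because it came
    # from the database, and is concatenated into a new statement.
    ua = stored_useragent(db, ip)
    sql = "SELECT COUNT(*) FROM visits WHERE useragent = '" + ua + "'"
    return db.execute(sql).fetchone()[0]

def count_hits_safe(db, ip):
    # Fix: data read back from the database is bound like any other input.
    ua = stored_useragent(db, ip)
    sql = "SELECT COUNT(*) FROM visits WHERE useragent = ?"
    return db.execute(sql, (ua,)).fetchone()[0]

def demo():
    db = make_db()
    # Constructed sample visitors; the second useragent contains a quote.
    log_visit(db, "203.0.113.7", "Mozilla/5.0 (constructed sample)")
    log_visit(db, "203.0.113.9", "O'Reilly-Reader/1.0")
    results = {}
    for ip in ("203.0.113.7", "203.0.113.9"):
        try:
            unsafe = count_hits_unsafe(db, ip)
        except sqlite3.OperationalError as exc:
            # The stored quote ended the string literal early, so the second
            # query no longer parses: the "could not run query" symptom.
            unsafe = "error: " + str(exc)
        results[ip] = (unsafe, count_hits_safe(db, ip))
    return results

if __name__ == "__main__":
    for ip, outcome in demo().items():
        print(ip, outcome)
```

The INSERT never fails here; the error only shows up in the later query that reuses the stored value, which is why auditing the write path alone misses this class of bug.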