Dashboard Articles Playground Discussions More
Follow

do you need username and password or are you meant to bypass password?

SQLi 2

blinkingthings
5 years ago

0

based on my reading here I was able to figure out which username is admin.

based on this reading, I think I’ve narrowed down the password. What I think are the user/pass combo won’t pass login. The pass looks like a hash of some sort but I can’t extract any plaintext from it or decrypt it in anyway that makes sense.

Should I continue pursuing this hashed password or were we meant to bypass the password field using injection after discovering the admin user?

Thanks!

4replies
3voices
203views
Mugi [Mugiwara27]
5 years ago

0

Hello!

Send me in pm your combo username:password and I’ll tell you

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1

dimooz
5 years ago

0

@Mugiwara27, you’re so nice… I'ld rather have answered something like “try to figure it out by yourself” ^^

 

Image

Mugi [Mugiwara27]
5 years ago

1

It was so hard to learn when I had nobody to help me, so I’m gonna be the helper I never encountered :)

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1

blinkingthings
5 years ago

0

Thanks @Mugiwara27

I overlooked something simple/obvious.

Discussion thread has been locked. You can no longer add new posts.
1 of 5

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss