basic SQL injection question

**amd0freak** · 06-20-2007, 08:03 PM

ok so i tried "1=1" as the password for teh admin directory of a phpBB forum, didnt work, but when i tried "0" as the password, it worked! i got logged in. says i dont have permission to delete some stuff. i managed to delete many tables but there were still lots of stuff it said i had no permission to modify. i am in phpMyAdmin, logged in. what else can i do?

**pad** · 06-20-2007, 08:04 PM

you should probably ask mx

see user title

**amd0freak** · 06-20-2007, 08:06 PM

well he's banned, right? and yeah i heard what happened.

**chad** · 06-20-2007, 08:08 PM

that's odd are you saying by inputting '0' in the password field you were logged in?

**amd0freak** · 06-20-2007, 08:09 PM

yeah. it was weird. i guess it used the while(0) loop in the PHP...instead of the common while(1=1) for a perpetually true statement

i tried "1=1" as the password, said invalid password
i tried "0" it worked
tried random shit, didnt work
tried "0" again with no username and it worked...again.
so then i started deleting shit. deleted some stuff others says i cant (see op_