ajkaro
Everything posted by ajkaro
-
Target: aHR0cDovL3d3dy5uZXd0ZWNoLmNvbS5way9wcm9kdWN0LnBocD9wX2lkPTIxMw==
Base64 decode it
Tasks:
- display version with your name
- display what users with ID 100, 113, 116, 122, 126 have bought from computer store (display ID and name of each user, name of bought product, quantity and its price)
Proof:
Rules:
- use union select based SQLi
- post picture as proof and send me your syntax to PM
- don't share any part of the challenge until challenge is open
- don't ask for hints until challenge is open
Solvers: -
-
Target: h~~p://indus[RST]trial[RST]implar.com.br/not[RST]icias-look.php?noticia=1
replace all ~ and remove all [RST]
Tasks:
- display version with your nick name
- display numbered list of all tables in primary database
- for each table (displayed only once) show numbered list of its column names. Display column names for column #1, #4 and #5 (if they exist) and number them with 1. or 4. or 5. If column #4 (or #5) doesn't exist go to next table name.
- Display tables in blue color and each column name of the same table in different color for better reading (for example column name #1 in black, #4 in red and #5 in green)
Proof:
Rules:
- use union select based SQLi
- post picture as proof and send me your syntax to PM
- local variables may be used only for numbering, not for columns displaying logic
- don't share any part of the challenge until challenge is open
- don't ask for hints until challenge is open
Solvers: -
-
After last few harder challenges here, here and here time is for easier challenge again
Target: h~~p://w~w.cent[RST]eraw[RST]ards.org/gallery/gallery-2013.php?comp=10&artist=17581
replace all ~ and remove all [RST]
Tasks:
- display version with your name
- display number of tables in primary database()
Proof:
Rules:
- use union select based SQLi
- post picture as proof and send me your syntax to PM
- don't share any part of the challenge until challenge is open
- don't ask for hints until challenge is open
Solvers:
- Renegade
- danyweb0909
-
Target: h~~p://port[RST]alyug[RST]ioh.com.br/2013/ran[RST]king.php?ran[RST]king=1
replace all ~ and remove all [RST]
Tasks:
- display version with your name
- display number of all databases
- display last three databases (excluding information_schema)
- display last three tables (with their records count) from primary database()
Proof:
Rules:
- use union select based SQLi
- post picture as proof and send me your syntax to PM
- your command should work without knowing anything about databases/tables on that site (no previous SQLi is needed or allowed)
- don't share any part of the challenge until challenge is open
- don't ask for hints until challenge is open
Solvers: -
-
Your command to display version doesn't work for me. I sent you mine.
-
If you don't want to have problems displaying result from your injection in some column because of wrong data type, then we must know table definition. That is main part in this challenge and purpose of this (challenge) exercise...
Target: h~~p://wond[RST]erlandthe[RST]mepark.com/wat[RST]erpark.php?wid=5
replace all ~ and remove all [RST]
Tasks:
- display numbered list of all tables in primary database (each table name should be displayed only once - see proof picture)
- display numbered list of all column names in every table (use different color as for table names)
- for each column display type of column (date, time, integer, decimal, char, varchar, text...)
- for column accepting integers display precision and scale (in separated columns) and mark them with label (precision)
- for column accepting characters/integers display maximum allowed length for input, mark such columns with (length) and put / in column scale (as it doesn't exist for that type of data)
- divide each table with horizontal line
- put header above table definition output with column titles
Proof:
Rules:
- use union select based SQLi
- post picture as proof and send me your syntax to PM
- HTML elements <table> <tr> <td> for building table with columns are not allowed
Solvers:
- Renegade (by PM)
-
Your second code is correct.
-
Sorry my friend, wrong code.
-
Target: h~~p://w~w.ut[RST]ahnsfo[RST]rpublics[RST]chools.org/media/releases/release.php?rel=5&start=0
replace all ~ and remove all [RST]
Tasks:
- display version with your name
- display all tables in primary database with column name used for its primary index
Proof:
Rules:
- use union select based SQLi
- post picture as proof and send me your syntax to PM
- don't share information about challenge until the challenge is open
Solvers:
- danyweb09
- Bitmap
-
Target: aHR0cDovL3d3dy5kdXJhbC5jby5ycy9pbmRleC5waHA/dmlldz02OA==
Tasks:
- display version with your name
- show numbered list of all tables in primary database
- if table has 10 or more records display records count after each table name, otherwise display (in different color) columns count after each table name and mark tables with less than 5 columns
- align columns for nicer output (see proof picture)
Proof:
Rules:
- use union select based SQLi
- post picture as proof and send me your command to PM
- don't share any part of the challenge until challenge is not closed
Solvers:
- Renegade
- Bitmap
- Danyweb0909
-
I promised tutorial. Here it is http://www.hackforums.net/showthread.php?tid=3785325 Challenge closed.
-
Thanks for the challenge
-
Thanks for the challenge.
-
I am writing tutorial about manipulation of SQLi output data. It will be published on HF (soon). There will be complete explanation for this (and my other similar) challenge(s)
-
Please:
- use font courier (or any other monospaced font) for easier reading of your output
- replace all _ with white spaces
-
Target: h~~p://w~w.hir[RST]ich.co.kr/deb[RST]ate/vod[RST]after.ls?mode=VIEW&page=1&bNo=100448&sType=&sKey=?xad=news_etoday
replace all ~ and delete all [RST]
Task:
- display version with your name
- display number of tables in primary database with name of primary database (see proof picture)
- display total number in databases
Proof:
Rules:
- post picture as proof
- send me your command to PM
- your command should work without any previous SQLi on that site
- don't share any info regarding this challenge until challenge is open
Don't expect any hints from me this time
Solvers: -
-
That challenge is closed. Didn't you see remark about that? They removed WAF so now it isn't challenging any more... Plain basic injection...
-
Here is challenge (exercise) for basic data manipulation
Target: h~~p://w~w.te[RST]s-u[RST]a.com/catalog.php?cat_id=5&brend=3
replace all ~ and remove all [RST]
Tasks:
- display version with your name
- display all tables from primary database where more than 10 records exist
- column with table names (in output) should be left aligned (see proof picture)
- column with records number for each table (in output) should be right aligned (see proof picture)
Proof:
Rules:
- use union select based SQLi
- using HTML code for column alignment IS NOT allowed
- post picture as proof
- send me your command to PM
- don't share any part of the challenge until challenge is open
Solvers: -
Challenge closed.
-
Target: h~~p://wlkc.zjti[RST]e.edu.cn/qcwh/content/detail.php?id=330
replace all ~ and remove [RST]
Tasks:
- display version with your name
- display all databases except information_schema
- display all tables from primary database
Proof:
Rules:
- use union select based SQLi
- post picture as proof
- send me your command to PM
- don't share any information about challenge until challenge is open
Solvers:
- danyweb09
- Renegade
- BitMap
-
Target: h~~p://pant[RST]own.com/community.php?id=3
replace all ~ and remove [RST]
Tasks:
- display version with your name
- display numbered list of all table names in primary database
- for fun part color differently odd and even lines
Proof:
Rules:
- use union select based SQLi
- your command should work without knowing anything about database on that site (no previous SQLi injection for checking anything is allowed/needed)
- post picture as proof
- send me your command to PM
- don't share any part of the challenge until challenge is open
Solvers:
- Bitmap
- Renegade
-
Target: h~~p://w~w.bise[RST]dgk[RST]han.ed[RST]u.pk
replace all ~ and remove all [RST]
Tasks:
- display version with your name in different color
Proof:
Rules:
- use union select based SQLi
- post picture as proof
- send me your command to PM
- for better injectors: change your nick name color using same vulnerable column as for version
- don't share any part of the challenge until challenge is open
Solvers:
- danyweb09
- Renegade (using easier way with different vulnerable columns)
- totti93
-
Thanks for the challenge
-
Thanks for the challenge
-
Target: h~~p://w~w.solu[RST]cionese[RST]xpertise.com/ver_noticia.php?not=5
replace all ~ and remove all [RST]
Tasks:
- display version with your name
- display all tables in primary database
- after each table name display numbered list of columns names for that table (start numbering with 1 for each new table name)
Proof:
Rules:
- use union select based SQLi
- post picture as proof
- send me your command to PM
- your command should work without knowing anything about database on that site (no previous SQLi injection for checking tables and/or columns names are allowed/needed)
- don't share any part of the challenge until challenge is open
Solvers:
- danyweb09
- Renegade