Guest Praetorian Posted October 17, 2010 Report Share Posted October 17, 2010 Info: Cu cateva zile in urma cineva mi-a dat sa fac sintaxa unui site vulnerabil la MySQLi, zicand ca nu poate obtine anumite date cu tools-uri / script-uri. Ce a urmat, a fost placut, pentru ca a fost prima data cand am intalnit un asemenea exemplu, si anume sa trebuiasca sa treci peste foarte multe filtre.Vulnerable link: Traian BasescuProof: http://img413.imageshack.us/img413/9946/challengebase.pngDificultate: MediumCerinte: Sa se foloseasca "union select", "concat() & group_concat()", vizualizarea tuturor tabelelor si coloanelor cu ajutorul "information_schema", "user(),database(),version()"Syntaxele pe PM, iar ca proof lasati un screen editat. Quote Link to comment Share on other sites More sharing options...
sonyx Posted October 17, 2010 Report Share Posted October 17, 2010 editediteditediteditedit Quote Link to comment Share on other sites More sharing options...
Guest Praetorian Posted October 17, 2010 Report Share Posted October 17, 2010 Da-i edit la post, si citeste-mi PM-ul! Quote Link to comment Share on other sites More sharing options...