denjacker Posted April 9, 2011 Report Share Posted April 9, 2011 (edited) Se da urmatorul parametru :http://www.radiobremen.de/apps/php/mediathek/metadaten.php?id=040903.. evident complet nesanitizat!Nu e cazul sa va complicati cu tehnici de bypass ptr ca nu exista absolut nici un filtru care sa blocheze functii, operatori sau alte caractere. Totul consta in manipularea Query-ului deja existent in metadaten.php in asa fel incat executia injectiei sa nu intre in conflict cu el.Am spus in titlu : "EXTRA-Difficult" ptr ca sunt 2-3 lucruri care se tin lant si de care neaparat trebuie sa tineti cont , dar ca si tehnica nu este neaparat foarte foarte dificila. Problema este sa aflati inainte de toate care sunt acele lucruri.Cerintele sunt :- injectarea parametrului folosind strict UNION SELECT .. se poate si BLIND sau ERROR BASED dar nu ma intereseaza acel gen de sintaxe.- postati un screenshot [preferabil cu injectia cenzurata] in care ati extras cateva informatii de baza care sa dovedeasca faptul ca ati reusit :versiune, nume db, system user, OS, ...etc .. ce vreti voi, nu conteaza foarte mult ce anume.- sau trimiteti un PM cu sintaxa ptr validare. Nu se vor face publice!Screenshot-ul meuCastigatorii vor fi afisati in lista de mai jos:And the WINNERS aaaaaaareeee:----------------------------------------------[1] :::: tromfil[2] :::: tdxev[3] :::: jesus[4] :::: birouamar[5] :::: to be edited..-----------------------------------------------Asadar .. Edited April 15, 2011 by denjacker 1 Quote Link to comment Share on other sites More sharing options...
denjacker Posted April 10, 2011 Author Report Share Posted April 10, 2011 Felicitari ptr. tromfil, raspunsul lui a fost validat !!mai astept si altii ::bump::Later Edit:-----------------------Vad ca nu se prea implica lumea .. Ar fi bine de stiut daca a incercat cineva in afara de tromfil.. Vreti un tutorial sau mai asteptam sa mai incercati ?Macar sa stiu daca exista persoane interesate de subiect . Quote Link to comment Share on other sites More sharing options...
eddy212121 Posted April 10, 2011 Report Share Posted April 10, 2011 tutorial........... 1 Quote Link to comment Share on other sites More sharing options...
tdxev Posted April 13, 2011 Report Share Posted April 13, 2011 ImageShack® - Online Photo and Video Hosting 1 Quote Link to comment Share on other sites More sharing options...
jesus Posted April 13, 2011 Report Share Posted April 13, 2011 1 Quote Link to comment Share on other sites More sharing options...
birouamar Posted April 15, 2011 Report Share Posted April 15, 2011 ImageShack® - Online Photo and Video Hosting Quote Link to comment Share on other sites More sharing options...
vlad1395 Posted April 21, 2011 Report Share Posted April 21, 2011 Una dintre cele mai interesante. 1 Quote Link to comment Share on other sites More sharing options...
ghostwhite85 Posted April 28, 2011 Report Share Posted April 28, 2011 interesant Quote Link to comment Share on other sites More sharing options...