Jump to content
totti93

SQL Injection Challenge [Unknown Level]

By totti93, in Challenges (CTF)

Recommended Posts

totti93 Newbie

totti93

Posted
Posted (edited)

Cerinte:

1. Sa se extraga versiunea bazei de date, utilizatorul curent a bazei de date, si baza de date curenta folosind SQL Injection (35 p)

2. Se se localizeze folderul unde se afla datele `www` (20p)

3. Obtineti datele de logare la serverul SQL (15p)

4. Obtineti acces remote la serverul SQL (nu conteaza user-ul) (20p)

5. Scrieti un PoC cu toate cerintele pentru a fii sigur ca nu ati folosit niciun tool automat (10p) - Obligatoriu!

Nu se accepta metode blind. Rezultatul trebuie sa fie afisat!

Daca nu se rezolva cerinta 5, atunci NU se ia in considerare nimic!

Documentele, fisierele care contin demonstratiile scrise de voi se vor trimite prin PM (Uploadati undeva unde sa ramana privat)

Challenge-ul a fost facut in graba, deci e posibil sa mai apara si alte erori.

Din aceasta cauza => Orice alta exploatare se ia in considerare!

Target: Take the challenge!!

Solvers:


Nick      | Pct |
----------+-----+
 shaggi   | 0+  |

Edited by totti93
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...