[SQLi] challenge

[ajkaro]

When we inject we usually want to know all table names, we want to know if there are tables with many records and if you are searching for passwords you want to know column names for tables with password so in next step you can compose a SQLi command to get data from columns needed for login (like columns username & password). All that is your task in this challenge If you know how, also add some numbering cosmetics

Target:

hXXp://wXw.fotodi.ru/vyst.php?id=100

Task:

• display all tables (except those from information_schema)
  
• display numbering of all tables (all numbers should have same length of 3 numbers (001, 002, ... 011... 099, 100...)
  
• mark all tables with more than 1000 records with some label (like over 1000 records)
  
• display count and all column names at tables with password column (search for character combination pas)
  
• display numbering of all column names in each table with password column
  

Proof:

Rules:

• your command should work without knowing anything about database on that site (no previous SQLi injection for checking table or column names are allowed/needed)
  
• result (see proof picture) is made by one SQLi command
  
• use union select based SQLi
  
• post picture as proof
  
• send me your command to PM
  
• colors and lines in output are not required
  

Solvers:

- Bitmap

Edited September 10, 2013 by ajkaro

[2time]

in the end I want to see the solve if possible thx

[ajkaro]

Put label 1000 records ONLY with tables where there are more than 1000 records. And not at every table...

Compare your picture with my picture.

Edited July 12, 2013 by ajkaro

[BitMap]

Another great challenge.