Jump to content
ajkaro

[SQLi] challenge

By ajkaro, in Challenges (CTF)

Recommended Posts

ajkaro Newbie

ajkaro

Posted
Posted (edited)

It is holiday time thumbsup.gif Time for a SQLi challenge with few tasks pirate.gif

Target:

h~~p://w~w.mara[RST]bous.com.au/product.php?id=4

replace ~ and remove [RST]

Tasks:

  • display version with your name
  • display number of tables in primary database
  • display list with names, records count and columns count of these tables
  • mark tables with column password (characters pass in column name)
  • display numbering of tables
  • display result in formatted output (like a table with header and footer)
  • bellow last table name display totals for records count and columns count for all displayed tables

Proof:

a5907a0a81b00629559e2e256f087426.jpg

Rules:

  • use union select based SQLi
  • post picture as proof
  • send me your command to PM
  • your command should work without knowing anything about database on that site (no previous SQLi injections for checking tables, records, columns count are allowed/needed)
  • hiding any (intermediate) results (like white color on white background) is not allowed
  • don't share any part of the challenge solution until challenge is open lipssealed.gif
  • colors in your output are not required

Preferred method is NOT to use HTML table command <table>...

Solvers:

- danyweb09 (with HTML <table> command)

Edited by ajkaro
Todo Newbie

Todo

Posted
Posted (edited)
That is what I do with posts in Romanian language ;)

That was for "Bebe", not for you dude! I was just surprised by the fact that some people ask really weird questions in here. If they doesn't understand the post they can always use Google Translate. And I already quoted that user, it was obvious that the message was for him and not for you. Same as I do now, I quote your message and reply to it.

Edited by Todo
ajkaro Newbie

ajkaro

Posted
  • Author
Posted
That was for "Bebe", not for you dude! ...

What makes you think I was taking your post as addressed to me :D

I just wanted to support your suggestion about using Google translate. That is what I use when post is in Romanian language. So I backed you up...

Todo Newbie

Todo

Posted
Posted
What makes you think I was taking your post as addressed to me :D

I just wanted to support your suggestion about using Google translate. That is what I use when post is in Romanian language. So I backed you up...

Ok, obviously I misunderstood that. :D

ajkaro Newbie

ajkaro

Posted
  • Author
Posted

I done all taks except the part with the HTML table tags

...

But you did use HTML table command in your syntax...

Try to solve it without HTML table. That is preferred way.

P.S.

You solution is valid too. Added to solvers list. Congrats!

  • Active Members
dancezar Newbie

dancezar

Posted
  • Active Members
Posted
But you did use HTML table command in your syntax...

Try to solve it without HTML table. That is preferred way.

P.S.

You solution is valid too. Added to solvers list. Congrats!

Sorry i write wrong.I wanted to write "without":)))

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...