shaggi

[SQLI] Blind in one query


Posted (edited)

Hello, the challenge I have for you is to get one char of a string from the db, in a single query/req.

Answers via PM.

Let's say this is the vulnerable script:

<?php
$db = new PDO('mysql:host=mysql13.000webhost.com;dbname=a8014888_mom', 'a8014888_mom', 'numauita11');


if(isset($_GET['id']))
$db->query("SELECT * FROM completed where id=".$_GET['id']);


I didn't make a demo because that 1 query/req limit was hard to implement....

Edited by shaggi
  • Upvote 1
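
The script above with the `id` validated and bound as a parameter instead of concatenated into the query, as an added example that is not part of the original post. `fetchCompleted()`, the in-memory SQLite table and the sample inputs are assumptions, constructed so the block runs offline.

```php
<?php
// Added example: hardened form of the lookup. fetchCompleted() is a
// hypothetical helper name, not code from the original post.
function fetchCompleted(PDO $db, $rawId): ?array
{
    // Accept only a canonical positive integer. Strings with trailing SQL
    // text, arrays (?id[]=1) and empty values all fail validation here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The SQL text is constant; the value travels separately as a typed parameter.
    $stmt = $db->prepare('SELECT * FROM completed WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the real database so the example runs offline.
// With MySQL, also pass PDO::ATTR_EMULATE_PREPARES => false and load the
// credentials from configuration instead of hard-coding them in the script.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE completed (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO completed (id, title) VALUES (1, 'first'), (2, 'second')");

// Constructed sample inputs, as they would arrive in $_GET['id'].
$samples = ['1', '2', '1 OR 1=1', ['1'], '', '-5'];

foreach ($samples as $input) {
    $row = fetchCompleted($db, $input);
    printf(
        "%-12s => %s\n",
        json_encode($input),
        $row === null ? 'rejected / not found' : json_encode($row)
    );
}
```

Only the inputs `'1'` and `'2'` return a row; every other sample is rejected before any query is prepared, so the response no longer depends on SQL text supplied in `id`.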
