ha.ckers sla.cking
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
SQLi challenge
Posted by: lightos
Date: March 13, 2011 04:55AM

Hey guys, I wrote a small SQLi challenge in my spare time. Basically everything needed to complete it has been discussed in this forum at one point or another.

Please refrain from using any automated tools (unless you wrote them yourself) to try and solve this challenge, because they won't work. Enjoy :)

Edited 3 time(s). Last edit at 03/25/2011 04:55AM by lightos.

Re: SQLi challenge
Posted by: lightos
Date: March 25, 2011 05:26AM

The challenge is now over. I had lots of fun writing it and watching everyone try to solve it. The following people were able to successfully complete it:

white__sheep & havoc1988
sirdarckcat & tr3w

I want to congratulate them; it wasn't too easy to solve, and I must say, I was really impressed with D0znpp's solution, which ended up teaching me a new trick. Basically I only allowed the ;%00 (null byte) to terminate the query, which is the path most took, but instead he used a variable (@VAR:=), which surprisingly also worked!

For example,

mysql> SELECT 'ABC' FROM dual WHERE 1=1^@VAR:='' AND 1=2;
+-----+
| ABC |
+-----+
| ABC |
+-----+
1 row in set (0.00 sec)

The query shouldn't execute since the AND 1=2 is false, therefore making the rest of the query false. However, in this case the AND 1=2 is only being applied to the @VARIABLE:=, allowing you to use it to terminate queries. Next challenge will be MSSQL, so should be interesting.

Hasta luego!

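Added example, not part of the posts above: a simplified Python model of the operator grouping in the query from the second post, showing that the trailing AND 1=2 becomes part of the value assigned to @VAR. It is not MySQL's parser; the binding-power table, the string-to-number rule and all function names are assumptions covering only the operators that appear in that query.

```python
import re

# Simplified model (assumption): binding powers for the MySQL operators in
# the post's query only. Higher binds tighter: ^ over =, = over AND.
BP = {"AND": 1, "=": 2, "^": 3}
TOKEN = re.compile(r"\s*(:=|@\w+|\d+|'[^']*'|AND\b|[=^()])", re.I)

def tokenize(sql):
    sql, pos, out = sql.strip(), 0, []
    while pos < len(sql):
        m = TOKEN.match(sql, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        out.append(m.group(1))
        pos = m.end()
    return out

def parse(tokens, min_bp=0):
    tok = tokens.pop(0)
    if tok == "(":
        left = parse(tokens)
        tokens.pop(0)  # closing ")"
    elif tok.startswith("@") and tokens and tokens[0] == ":=":
        tokens.pop(0)
        # The assigned value is a full expression, so it absorbs everything
        # up to the end of the clause, including a trailing AND condition.
        left = (":=", tok, parse(tokens, 0))
    else:
        left = tok
    while tokens and BP.get(tokens[0].upper(), 0) > min_bp:
        op = tokens.pop(0).upper()
        left = (op, left, parse(tokens, BP[op]))
    return left

def show(node):
    if isinstance(node, str):
        return node
    return f"({show(node[1])} {node[0]} {show(node[2])})"

def evaluate(node):
    if isinstance(node, str):  # literal; non-numeric strings such as '' count as 0
        text = node.strip("'")
        return int(text) if text.isdigit() else 0
    op, a, b = node
    if op == ":=":
        return evaluate(b)  # an assignment yields the assigned value
    x, y = evaluate(a), evaluate(b)
    return {"AND": int(bool(x and y)), "=": int(x == y), "^": x ^ y}[op]

def where_result(sql):
    tree = parse(tokenize(sql))
    return show(tree), evaluate(tree)
```

Calling where_result("1=1^@VAR:='' AND 1=2") returns the fully parenthesised grouping together with 1 (row returned), while where_result("1=1 AND 1=2") returns 0.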