Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
SQLi challenge
Posted by: lightos
Date: March 13, 2011 04:55AM

Hey guys, I wrote a small SQLi challenge on my spare time. Basically everything needed to complete it has been discussed in this forum at one point or another.

http://sqli.dyndns-web.com/

Please refrain from using any automated tools (unless you wrote it yourself) to try and solve this challenge, because they won't work. Enjoy :)



Edited 3 time(s). Last edit at 03/25/2011 04:55AM by lightos.

Options: ReplyQuote
Re: SQLi challenge
Posted by: lightos
Date: March 25, 2011 05:26AM

The challenge is now over. I had lots of fun writing it and watching everyone try to solve it. The following people were able to successfully complete it:

kkotowicz
white__sheep & havoc1988
D0znpp
sirdarckcat & tr3w

I want to congratulate them, it wasn't too easy too solve and I must say, I was really impressed with D0znpp's solution, which ended up teaching me a new trick. Basically I only allowed the ;%00 (null byte) to terminate the query which is the path most took, but instead he used a variable (@VAR:=) which surprisingly also worked!

For example,

mysql> SELECT 'ABC' FROM dual WHERE 1=1^@VAR:='' AND 1=2;
+-----+
| ABC |
+-----+
| ABC |
+-----+
1 row in set (0.00 sec)

The query shouldn't execute since the AND 1=2 is false, therefore making the rest of the query false. However, in this case the AND 1=2 is only being applied to the @VARIABLE:=, allowing you to use it to terminate queries. Next challenge will be MSSQL, so should be interesting.

Hasta luego!

Options: ReplyQuote


Sorry, only registered users may post in this forum.