Janus All Challenges 1 to 101. SQLi challenge 1 --->~~~ Task ~~~- displa

1. Janus All Challenges 1 to 10
2.  
3. 1. SQLi challenge 1 --->
4. ~~~ Task ~~~
5. - display version with your name
6. - display all tables from primary database sorted by table records count (descending sort order).
7.  
8. ~~~ Site ~~~
9. aHR0cDovL3d3dy5sb3djYXJib25saXZlcnBvb2wuY29tL2xpdHRsZV9ncmVlbl9ib29rLnBocD9pZD0x​
10. (Base64 decode it)
11.  
12. ~~~Proof ~~~
13. https://www.anonimg.com/img/e6b7c21c0658c5e3683b073aee3b2907.jpg
14.  
15. Records count on your picture will be probably different than on mine as records count is changing...
16.  
17. ~~~ Rules ~~~
18. use colors, group_concat and limit are not allowed, post your solution at https://privnote.com and send me link to it
19.  
20.  
21. 2. [Janus] SQLi challenge #2 ---->
22.  
23. Here is my new challenge. As I said in my previous challenge I will ask for something more in my challenges, so maybe they are not for newbies... Non
24.  
25. ~~~ Task ~~~
26. - display version with your name
27.  
28. ~~~ Site ~~~
29. aHR0cDovL2lhLWJjLmNvbS9zZXJ2aWNlcy5waHA/aWQ9Mg==​
30. (Base64 decode it)
31.  
32. ~~~ Rules ~~~
33. I will help WAF on that site with additional rule Devlish
34. - you may not use concat or any other function with character _ in function's name (like concat_ws...)
35. - post your syntax to https://privnote.com and send me link to PM
36.  
37. 3. [Janus] SQLi challenge #3
38.  
39. Hi folks,
40.  
41. This is my challenge #3. Previous two were basic for advanced injectors. We were sorting data in DIOS output in searching alternatives for concatenating data there. After that warming up it is time to go to next level Pirate
42.  
43. ~~~ Task ~~~
44. - display version with your name
45. - display numbered list of all tables in primary database (one table per row)
46.  
47. ~~~ Site ~~~
48. aHR0cDovL3d3dy5jaG5yaS5vcmcvcHJvZmlsZS5waHA/cHJvZmlsZUlkPTIzODk=​
49. (Base64 decode it)
50.  
51. ~~~Proof~~~
52.  
53. http://img15.hostingpics.net/pics/42028814c1.jpg
54.  
55.  
56. As this challenge is harder I will force you to change your usual injections - see rules bellow.
57. ~~~ Rules ~~~
58. - complete injection must be done in one vulnerable column
59. - you may not use concat or any other function with character _ in function's name (like group_concat...)
60. - you may not use function IN() or Benchmark()
61. - in your complete syntax command from may be used only once
62. - your command should work without knowing anything about databases/tables on that site...
63.  
64. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
65.  
66. Let's SQL knowledge be with you
67.  
68.  
69. 4. [Janus] SQLi challenge #4 ---->
70.  
71. Hi folks,
72.  
73. This is my challenge #4. Again, it will be a little harder than previous ones Pirate
74.  
75. ~~~ Task ~~~
76. - display all tables in primary database
77. - under each table (displayed only once) display numbered list (use roman numbers) of columns in that table (with their length in characters) sorted by column length descending
78. - display only column names with more than 6 characters in its name (hide all shorter ones)
79. - make a statistics about records in each table, number of columns and number of hidden columns (those shorter than 6 characters in column_name) in each table - see proof picture
80.  
81. ~~~ Site ~~~
82. aHR0cDovL3d3dy5ldmVuZW1lbnRpZWwtZnJhbmNlLmNvbS90YXJpZi1ldC1kZXZpcy10YXJpZnMucGhw​P2lkYXBwZWw9NjA1MA==
83. (Base64 decode it using online decoder like https://www.base64decode.org/)
84.  
85. ~~~ Proof ~~~
86.  
87. http://img15.hostingpics.net/pics/98313178c1.jpg
88.  
89.  
90. ~~~ Rules ~~~
91. - complete injection must be done in one vulnerable column
92. - don't use group_concat, limit and substring_index (use pure DIOS)
93. - your command should work without knowing anything about tables/columns on that site...
94.  
95. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
96.  
97. Let's SQL knowledge be with you
98.  
99.  
100. 5. Janus] SQLi challenge #5
101.  
102. Hi folks,
103.  
104. This is my challenge #5 for advanced injectors. Again, it will be a little harder than previous ones Pirate
105.  
106. ~~~ Task ~~~
107. - display version with your name
108. - find total number of all databases
109. - find total number of tables in all databases
110. - find total number of columns in all databases
111. - go trough all databases and find highest and lowest number of tables among all databases
112. - go trough all databases and find highest and lowest number of columns among all tables in all databases
113. - go trough all databases and find highest and lowest number of records among all tables in all databases
114.  
115. ~~~ Site ~~~
116. aHR0cDovL3d3dy5wYW50ZXJhLmNvbS5ici9ub3RpY2lhcy92ZXJub3RpY2lhLnBocD9ub3Q9NQ==
117. (Base64 decode it using online decoder like https://www.base64decode.org/)
118.  
119. ~~~ Proof ~~~
120.  
121. http://img4.hostingpics.net/pics/43654018c2.jpg
122.  
123. ~~~ Rules ~~~
124. - you may not use command count() for finding totals (task 1 - 3)
125. - don't use database name information_schema anywhere in your syntax...).
126. - in your syntax you should use all three relevant tables: information_schema.schemata for data about databases / information_schema.tables for data about tables and information_schema.columns for data about columns.
127. - your command should work without knowing anything about databases/tables/columns on that site...
128.  
129. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
130.  
131. Let's SQL knowledge be with you
132.  
133.  
134. 6. [Janus] SQLi challenge #6 [hard]
135.  
136. Hi folks,
137.  
138. This is my challenge #6 for advanced injectors. After warming up with previous 5 let's start with hard SQLi challenges Pirate
139.  
140. ~~~ Tasks ~~~
141. - display version with your name
142. - display number of tables in main database
143. - display top 10 tables (with their date of change) that were changed most recently
144. - display top 10 "oldest" tables (with their date of change) according to their dates of change
145. - each list should be numbered separately
146.  
147. ~~~ Site ~~~
148. aHR0cDovL3d3dy5wcmVtaXNlcy5jb20uYXUvcmVzaWRldGFpbHMucGhwP2lkPTYwNzk2Nzg=
149. (Base64 decode it using online decoder like https://www.base64decode.org/)
150.  
151. ~~~ Proof ~~~
152.  
153. http://img15.hostingpics.net/pics/32830315c1.jpg
154.  
155. ~~~ Rules ~~~
156. - you may not use command order by or group by
157. - solution should be pure SQL
158.  
159. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
160.  
161. Let's SQL knowledge be with you
162.  
163.  
164. 7. Janus] SQLi challenge #7 [hard] ----->
165.  
166. Hi folks,
167.  
168. Let's continue my serie of challenges. Credits for this challenge go to ajkaro. Black Hat
169.  
170. ~~~ Tasks ~~~
171. - display numbered list of all databases
172. - at each database name show number of tables in that database
173. - after each database display numbered list of tables in that database (start tables numbering with number 1 with each new database)
174. - at each table name show number of records and columns in that table
175. - after each table display numbered list of all columns in that table (start columns numbering with number 1 with each new table)
176. - indent each level (databases/tables/columns) - see proof picture (example with database #2)
177.  
178. ~~~ Site ~~~
179. aHR0cDovL2luZHVzdHJpYWxpbXBsYXIuY29tLmJyL25vdGljaWFzLWxvb2sucGhwP25vdGljaWE9MQ==​
180. (Base64 decode it using online decoder like https://www.base64decode.org/)
181.  
182. ~~~ Proof ~~~
183. http://img4.hostingpics.net/pics/80747030c1.jpg
184.  
185. ~~~ Rules ~~~
186. - for each level of data (databases/tables/columns) use different colors (for example red/green/blue)
187. - in your syntax you should iterate trough all three relevant tables: information_schema.schemata for data about databases / information_schema.tables for data about tables and information_schema.columns for data about columns. Other tricks are not allowed Cool
188. - you may not use benchmark() Nono
189.  
190.  
191. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
192.  
193. Let's SQL knowledge be with you
194.  
195.  
196. 8.[Janus] SQLi challenge #8
197.  
198. Hi folks,
199.  
200. Here is my challenge #8 of 10 for M"SQLi circle members (open to others too). Pirate
201.  
202. ~~~ Tasks ~~~
203. - display version with your name
204. - display list of all tables in primary database with their number of columns
205. - list should be sorted in descending columns/tables order
206. - display number of columns in accurate graphics (see proof picture)
207.  
208. ~~~ Site ~~~
209. aHR0cDovL3d3dy5tZXJpZGlhbjQuY29tL25ld3MvP2dhbWU9MTA=
210. (Base64 decode it using online decoder like https://www.base64decode.org/)
211.  
212. ~~~ Proof ~~~
213.  
214. http://img4.hostingpics.net/pics/45114240c6.jpg
215.  
216. ~~~ Rules ~~~
217. - you may not use benchmark()
218. - your injection should work without knowing anything about database/tables/columns on that site
219.  
220. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
221.  
222. Let's SQL knowledge be with you
223.  
224. 9. [Janus] SQLi challenge #9
225.  
226. Hi folks,
227.  
228. Here is my challenge #9 of 10 for M"SQLi circle members (open to others too). Pirate
229.  
230. ~~~ Tasks ~~~
231. - display top 5 tables with their records count
232. - use colors
233.  
234. ~~~ Site ~~~
235. aHR0cHM6Ly93d3cubGluZGFrYW1taW5zLmNvbS9jaGVja291dC5waHA/Y2F0aWQ9MTEmY2hlY2tjaG9vc2VyPWNoZWNrb3V0JnNpZD1hZmJlNjk3Y2M2ZjBmNjRiMDEzMzEzYTY1​NzIzMjE5Mw==
236. (Base64 decode it using online decoder like https://www.base64decode.org/)
237.  
238. ~~~ Proof ~~~
239. http://img15.hostingpics.net/pics/92202691c5.jpg
240.  
241. ~~~ Rules ~~~
242. - union select
243. - your injection should work without knowing anything about tables/records on that site
244.  
245. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
246.  
247. Let's SQL knowledge be with you
248.  
249. 10. [Janus]SQLi challenge #10 [hard]
250.  
251. Hi folks,
252.  
253. Here is my final challenge (#10 of #10 for M"SQLi circle members (open to others too)). Pirate Possible other challenges from me WILL NOT be part of Mensa SQLi circle competition any more.... I finished my obligation, waiting for challenges from other M"SQLi members... I expect your revenge Devlish
254.  
255. Credits for some parts of this challenge go again to ajkaro. Thanx man for all your help and inspiration Black Hat
256.  
257. ~~~ Tasks ~~~
258. - display version with your name
259. - display list of all tables in primary database, sorted descending by number of columns where column name starts with letter j or a or n or u or s
260. - at tables where such columns exist, graphically display number of them and display them in sorted list in descending order (see proof picture)
261.  
262. ~~~ Site ~~~
263. aHR0cDovL3d3dy50cnVjb3JlcGlsYXRlcy5jb20vdHJhaW5lcnMucGhwP3BhZ2VfaWQ9MjU=
264. (Base64 decode it using online decoder like https://www.base64decode.org/)
265.  
266. ~~~ Proof ~~~
267.  
268. http://img15.hostingpics.net/pics/111243challenge10.jpg
269.  
270. ~~~ Rules ~~~
271. - use DIOS. group_concat, order by, group by, html table commands may not be part of your syntax
272. - use pure SQL (no javascript or anything else)
273. - your injection should work without knowing anything about databases/tables/columns at that site
274. - your solution should be generic (it should work at different SQLi vulnerable sites (WAF excluded))
275.  
276. Post your syntax to https://privnote.com (it is automatically destroyed after reading) and send me link to PM
277.  
278. Let's SQL knowledge be with you