ST02: SQLi Challenge (Solved)

Hi Everyone. It’s a challenge for everyone. Let’s see who can solve this… :sunglasses:
Go to: http://104.129.171.125/SQLi/

Note:

  • The challenge in under this path /SQLi/
  • POC done by automation SQL injection tools are not accepted. ex. Sqlmap/Havij

Hints:
http://104.129.171.125/SQLi/index.php?id=0
http://104.129.171.125/SQLi/index.php?id=1

Scoreboard

The result is based on the explanation of the problem and the manual injection technique.

  1. @Forhad :star:
  2. @Shouvo
  3. @Optimize_Prime
  4. @Kharap_Atta
3 Likes

bro… :roll_eyes: @khan @Sameull

Screenshot_45

1 Like

Hi. I’m sorry. It make a misunderstanding. I should mention it.
The challenge in under this path /SQLi/

before saw this ,i am also trying to main domain.

1 Like

Hi @Shouvo

  • The challenge in under this path /SQLi/

What I need to show you?

1 Like

Hi @Optimize_Prime
Just do a manual Sql injection in http://104.129.171.125/SQLi/ and get the database info.

ok

1 Like

Any hints ? @1337

1 Like

hints :sleepy:

1 Like

Hints:
http://104.129.171.125/SQLi/index.php?id=0
http://104.129.171.125/SQLi/index.php?id=1

boolean based blind sql injection
7 database :wink:
mysql 5.0

1 Like

admin_default
admin_security
admin_wp
information_schema
mysql
performance_schema
security

@Shouvo

1 Like

@Optimize_Prime @Shouvo Please Indox me the POC. :sparkling_heart:

That server down :confused:

It’s up from my side dear. Maybe you used (HTTPS)
http://104.129.171.125/SQLi/index.php?id=0

MySQL >= 5.0.12

available databases [7]:
[.] admin_default
[.] admin_security
[.] admin_wp
[.] information_schema
[.] mysql
[.] performance_schema
[.] security

Database: security
[4 tables]
±---------+
| emails |
| referers |
| uagents |
| users |
±---------+

Database: security
Table: users
[3 columns]
±---------±------------+
| Column | Type |
±---------±------------+
| id | int(3) |
| password | varchar(20) |
| username | varchar(20) |
±---------±------------+

Database: security
Table: users
[8 entries]
±—±-----------±---------+
| id | password | username |
±—±-----------±---------+
| 1 | Dumb | Dumb |
| 2 | I-kill-you | Angelina |
| 3 | [email protected] | Dummy |
| 4 | crappy | secure |
| 5 | stupidity | stupid |
| 6 | genious | superman |
| 7 | mob!le | batman |
| 8 | admin | admin |
±—±-----------±---------+

Thanks

1 Like

Well done @Kharap_Atta but POC done by automation SQL injection tools are not accepted. ex. Sqlmap/Havij

ok