I stumbled upon this website: http://web.ctflearn.com/web8/ and I think they have the flag in there somewhere. UNION might be a helpful command.
1 week ago
Is it by design that https://web.ctflearn.com/web8/fade.js is missing and returns 404 when browser tries to load it?
show tables in information_schema.tables then show column in information_schema.columns
3 weeks ago
1 month ago
Comments are helpful. I just learned SQLi hands-on.
3 months ago
it was pretty hard but with all fun and learning
4 months ago
Easy, but took a few min!!
It is fetching data so slowly in sqlmap.
5 months ago
I used SQLMap to solve this test, but I failed to use union with information_schema. Can anyone explain it?
6 months ago
Many thanks for your clarification.
1 year ago
If you're struggling, the concepts on this blog are explained very nicely:
Exploiting SQL Injection: a Hands-on Example
You're the best!
2 months ago
hmmm I just started doing all the techniques in the article but it's not working for me nearly in the same way
2 years ago
you're great, bro
Found this very difficult, took me lots of research to solve. Site mentioned in comments was helpful. In the end got much better at understanding sql stuff and am ready to break the interweb.
Very awesome and one of the CTF in this website!!
I have a doubt.
When given an id, it returns 3 text values (name, breed and color).
When I try the payload (id=1+union+select+'a','b','c','d'), why is it returning nothing?
Because when an id is given it returns text values, the result from the union operation should be text values or the union query will fail.
But when I use the below payload it is working fine.
The above query should cause an error and should not give any results. But the app is returning the values 1,2,3 on the website.
What is happening here? Could anyone explain it to me?
Quick update: in place of 1 in id=1+union+select+1,2,3,4 I have used 'a'. So the query now is
id=1+union+select+'a',2,3,4. <---- This is returning 0 results.
But when I use below query it is returning table names.
id=1+union+select+table_name,2,3,4 from information_schema.tables <---- returns table names
No idea why. Could someone please explain?
Because the server uses mysql_real_escape_string, which will change the quotation marks. You need to encode the string as hex, i.e. id=1+union+select+0x61,0x62,0x63,0x64.
I don't know if you solved it yet but you inspired me, thanks.
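The behaviour discussed in the question and the mysql_real_escape_string reply above can be reproduced defensively. This is an added example, not the challenge's own code: it uses SQLite and a constructed `dogs` table, `escape_quotes` is a simplified stand-in for mysql_real_escape_string, and every function name is hypothetical. It shows why quote escaping does not protect an unquoted numeric parameter, and how a bound parameter does.

```python
import sqlite3

def escape_quotes(value: str) -> str:
    # Simplified stand-in (assumption) for mysql_real_escape_string:
    # backslash-escapes backslashes and quote characters only.
    return value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')

def make_db() -> sqlite3.Connection:
    # Constructed sample data; the real challenge schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dogs (id INTEGER, name TEXT, breed TEXT, color TEXT)")
    db.execute("INSERT INTO dogs VALUES (1, 'Rex', 'Collie', 'brown')")
    return db

def lookup_escaped(db, raw_id: str):
    # Weak pattern: the escaped value is concatenated into an UNQUOTED
    # numeric context, so input without quotes passes through unchanged.
    sql = "SELECT id, name, breed, color FROM dogs WHERE id = " + escape_quotes(raw_id)
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        # Escaped quotes outside a string literal are a syntax error;
        # the page then simply shows no results.
        return []

def lookup_parameterized(db, raw_id: str):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT id, name, breed, color FROM dogs WHERE id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "1 union select 1,2,3,4", "1 union select 'a','b','c','d'"):
        print(repr(raw))
        print("  escaped + concatenated:", lookup_escaped(db, raw))
        print("  parameterized:         ", lookup_parameterized(db, raw))
```
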