Challenge - Inj3ction Time - CTFlearn - CTF Practice - CTF Problems

Inj3ction Time

100 points Hard

I stumbled upon this website: http://web.ctflearn.com/web8/ and I think they have the flag in their somewhere. UNION might be a helpful command

Flag

Web · intelagent

8948 solves

Top10

1 niclev20

2 aikakatt

3 dadi

4 joshualaurencio

5 javier

6 abdilahrf

7 pir00t

8 hanto

9 koshi

10 batutahibnu17

Rating 4.71

Must solve to rate

Discussion

New
Popular

Leave a Comment (Supports Markdown)

Protect this comment

mikeAl

1 day ago

Reply Share

It was a pain for me but did it finally

Leave a Comment (Supports Markdown)

Protect this comment

thantan87

1 week ago

Reply Share

sqlinjection is easy for me :V

Leave a Comment (Supports Markdown)

Protect this comment

Alimazen

2 weeks ago

Reply Share

Give me an answer, friends. I'm tired of trying to find it

Leave a Comment (Supports Markdown)

Protect this comment

Backspace007

3 weeks ago

Reply Share

I'm master in union based sql injection

Leave a Comment (Supports Markdown)

Protect this comment

0x324

1 month ago

Reply Share

sqlmap is carring

Leave a Comment (Supports Markdown)

Protect this comment

0xveczif

2 months ago

Reply Share

as a hint try finding number of columns, try union and then try finding table name, then column name and then find column name from table name

Leave a Comment (Supports Markdown)

Protect this comment

0xveczif

2 months ago

Reply Share

try not to use any tool do it manually for better learning

Leave a Comment (Supports Markdown)

Protect this comment

Arubalsh

7 months ago

Reply Share

Good Challenge i used splmap in Linux

Leave a Comment (Supports Markdown)

Protect this comment

zblackhat

10 months ago

Reply Share

Hackbar

Leave a Comment (Supports Markdown)

Protect this comment

Raye

11 months ago

Reply Share

sqlmap is a blessing from jeebus

Leave a Comment (Supports Markdown)

Protect this comment

saifat29

3 years ago

Reply Share

If you're struggling, the concepts on this blog are explained very nicely-

Exploiting SQL Injection: a Hands-on Example

Leave a Comment (Supports Markdown)

Protect this comment

Iderected

2 years ago

Reply Share

You're the best!

Leave a Comment (Supports Markdown)

Protect this comment

mergerg

1 year ago

Reply Share

hmmm I just started doing all the techniques in the article but it's not working for me nearly in the same way

-2

Leave a Comment (Supports Markdown)

Protect this comment

marc_andre_beaulieu

4 years ago

Reply Share

Protected

Leave a Comment (Supports Markdown)

Protect this comment

Driyan

1 year ago

Reply Share

you're great, bro

-1

Leave a Comment (Supports Markdown)

Protect this comment

Mike_Root

4 years ago

Reply Share

Found this very difficult, took me lots of research to solve. Site mentioned in comments was helpful. In the end got much better at understanding sql stuff and am ready to break the interweb.

Leave a Comment (Supports Markdown)

Protect this comment

PFessORx

4 years ago

Reply Share

Very awesome and one of the CTF in this website!!

Leave a Comment (Supports Markdown)

Protect this comment

pwnsauze

1 year ago

Reply Share

I swear i knew sql for sqli like 2 months ago and i just forgot most of it ☠️

Leave a Comment (Supports Markdown)

Protect this comment

abdul0_2

1 year ago

Reply Share

show tables in information_schema.tables then show column in information_schema.columns

Leave a Comment (Supports Markdown)

Protect this comment

madhuvarun

4 years ago

Reply Share

Hello,

I have a doubt.

when given an id, it returns 3 text values (name,breed and color). When I try the payload (id=1+union+select+'a','b','c','d') why is it returning nothing.

because since when an id is given it is returning text values the result from the union operation should be text values or union query will fail.

but when I use the below payload it is working fine. id=1+union+select+1,2,3,4

the above query should cause error and should not give any results. But the app is returning 1,2,3 values on to the website.

What is happening here? Could anyone explain me?

Thanks

Leave a Comment (Supports Markdown)

Protect this comment

madhuvarun

4 years ago

Reply Share

quick update:- inplace of 1 in id=1+union+select+1,2,3,4 I have used 'a'. SO the query now is

id=1+union+select+'a',2,3,4. <---- This is returning 0 results.

But when I use below query it is returning table names.

id=1+union+select+table_name,2,3,4 from information_schema.tables <---- returns table names

No idea why. Could someone please explain?

THanks

Leave a Comment (Supports Markdown)

Protect this comment

vcth4nh

4 years ago

Reply Share

Because the sever use mysql_real_escape_string, which will change the quotation marks. You need to encode string to hex, i.e. id=1+union+select+0x61,0x62,0x63,0x64.

Leave a Comment (Supports Markdown)

Protect this comment

guysante

3 years ago

Reply Share

I don't know if you solved it yet but you inspired me, thanks.

Leave a Comment (Supports Markdown)

Protect this comment