did the flag changed?

Hello,

I have a doubt.

when given an id, it returns 3 text values (name,breed and color). When I try the payload (id=1+union+select+'a','b','c','d') why is it returning nothing.

because since when an id is given it is returning text values the result from the union operation should be text values or union query will fail.

but when I use the below payload it is working fine. id=1+union+select+1,2,3,4

the above query should cause error and should not give any results. But the app is returning 1,2,3 values on to the website.

What is happening here? Could anyone explain me?

Thanks

quick update:- inplace of 1 in id=1+union+select+1,2,3,4 I have used 'a'. SO the query now is

id=1+union+select+'a',2,3,4. <---- This is returning 0 results.

But when I use below query it is returning table names.

id=1+union+select+table_name,2,3,4 from information_schema.tables <---- returns table names

No idea why. Could someone please explain?

THanks

great challenge!

This was really quick but fun. The hint gave it away instantly for me

Hello,

I have a doubt.

when given an id, it returns 3 text values (name,breed and color). When I try the payload (id=1+union+select+'a','b','c','d') why is it returning nothing.

because since when an id is given it is returning text values the result from the union operation should be text values or union query will fail.

but when I use the below payload it is working fine. id=1+union+select+1,2,3,4

the above query should cause error and should not give any results. But the app is returning 1,2,3 values on to the website.

What is happening here? Could anyone explain me?

Thanks

inplace of 1 in id=1+union+select+1,2,3,4 I have used 'a'. SO the query now is

id=1+union+select+'a',2,3,4. <---- This is returning 0 results.

But when I use below query it is returning table names.

id=1+union+select+table_name,2,3,4 from information_schema.tables <---- returns table names

No idea why. Could someone please explain?

THanks

This was a really good challenge. I have been working on this once for a day and finally cracked it!

Found this very difficult, took me lots of research to solve. Site mentioned in comments was helpful. In the end got much better at understanding sql stuff and am ready to break the interweb.

Really good challenge. please do it yourself for learning something about SQLi !

Very awesome and one of the CTF in this website!!

Why use sqlmap? This website is for learning shit, using a tool and not even understanding what it does is not making you learn anything at all lol

This was really quick but fun. The hint gave it away instantly for me

Hello,

I have a doubt.

when given an id, it returns 3 text values (name,breed and color). When I try the payload (id=1+union+select+'a','b','c','d') why is it returning nothing.

because since when an id is given it is returning text values the result from the union operation should be text values or union query will fail.

but when I use the below payload it is working fine. id=1+union+select+1,2,3,4

the above query should cause error and should not give any results. But the app is returning 1,2,3 values on to the website.

What is happening here? Could anyone explain me?

Thanks

inplace of 1 in id=1+union+select+1,2,3,4 I have used 'a'. SO the query now is

id=1+union+select+'a',2,3,4. <---- This is returning 0 results.

But when I use below query it is returning table names.

id=1+union+select+table_name,2,3,4 from information_schema.tables <---- returns table names

No idea why. Could someone please explain?

THanks

Really good challenge. please do it yourself for learning something about SQLi !

nicesu

nice challenge, from which I learned a lot.