Inj3ction Time

100 points Hard

I stumbled upon this website: http://web.ctflearn.com/web8/ and I think they have the flag in their somewhere. UNION might be a helpful command

Flag

Web · intelagent

9172 solves

Top10

1 niclev20

2 aikakatt

3 dadi

4 joshualaurencio

5 javier

6 abdilahrf

7 pir00t

8 hanto

9 koshi

10 batutahibnu17

Rating 4.71

Must solve to rate

Discussion

New
Popular

Leave a Comment (Supports Markdown)

Protect this comment

ByteH4x0rR

3 weeks ago

Reply Share

ezzpz

Leave a Comment (Supports Markdown)

Protect this comment

ByteH4x0rR

3 weeks ago

Reply Share

ezzpz

Leave a Comment (Supports Markdown)

Protect this comment

ByteH4x0rR

3 weeks ago

Reply Share

ezzpz

Leave a Comment (Supports Markdown)

Protect this comment

ByteH4x0rR

3 weeks ago

Reply Share

ezzpz

Leave a Comment (Supports Markdown)

Protect this comment

ByteH4x0rR

3 weeks ago

Reply Share

ezzpz

Leave a Comment (Supports Markdown)

Protect this comment

ByteH4x0rR

3 weeks ago

Reply Share

ezzpz

Leave a Comment (Supports Markdown)

Protect this comment

ByteH4x0rR

3 weeks ago

Reply Share

ezzpz

Leave a Comment (Supports Markdown)

Protect this comment

Xieliet

1 month ago

Reply Share

gampang amat

Leave a Comment (Supports Markdown)

Protect this comment

cheaterdxd

1 month ago

Reply Share

that challenge pretty hard for me without hint from comment :)) but okay, im done

Leave a Comment (Supports Markdown)

Protect this comment

slomac77

3 months ago

Reply Share

Paradoxically it's pretty easy to solve this using sqlmap, picking correct table to inject and that's all. Also, it was fun and some practical lesson abt SQL injection. Very Good Challenge bro!

Leave a Comment (Supports Markdown)

Protect this comment

aqadwd

2 years ago

Reply Share

https://blog.csdn.net/arbitraty/article/details/80202040 https://blog.csdn.net/qq_32863631/article/details/83024322 these help me a lot

-6

Leave a Comment (Supports Markdown)

Protect this comment

vedantkanoujia

2 years ago

Reply Share

chutiye

Leave a Comment (Supports Markdown)

Protect this comment

UndercoverDog

1 year ago

Reply Share

Doesnt really help when you dont speak Chinese lol

Leave a Comment (Supports Markdown)

Protect this comment

saifat29

3 years ago

Reply Share

If you're struggling, the concepts on this blog are explained very nicely-

Exploiting SQL Injection: a Hands-on Example

Leave a Comment (Supports Markdown)

Protect this comment

Iderected

2 years ago

Reply Share

You're the best!

Leave a Comment (Supports Markdown)

Protect this comment

mergerg

2 years ago

Reply Share

hmmm I just started doing all the techniques in the article but it's not working for me nearly in the same way

-3

Leave a Comment (Supports Markdown)

Protect this comment

marc_andre_beaulieu

4 years ago

Reply Share

Protected

Leave a Comment (Supports Markdown)

Protect this comment

Driyan

2 years ago

Reply Share

you're great, bro

-1

Leave a Comment (Supports Markdown)

Protect this comment

Mike_Root

4 years ago

Reply Share

Found this very difficult, took me lots of research to solve. Site mentioned in comments was helpful. In the end got much better at understanding sql stuff and am ready to break the interweb.

Leave a Comment (Supports Markdown)

Protect this comment

PFessORx

4 years ago

Reply Share

Very awesome and one of the CTF in this website!!

Leave a Comment (Supports Markdown)

Protect this comment

pwnsauze

1 year ago

Reply Share

I swear i knew sql for sqli like 2 months ago and i just forgot most of it ☠️

Leave a Comment (Supports Markdown)

Protect this comment

abdul0_2

1 year ago

Reply Share

show tables in information_schema.tables then show column in information_schema.columns

Leave a Comment (Supports Markdown)

Protect this comment

madhuvarun

4 years ago

Reply Share

Hello,

I have a doubt.

when given an id, it returns 3 text values (name,breed and color). When I try the payload (id=1+union+select+'a','b','c','d') why is it returning nothing.

because since when an id is given it is returning text values the result from the union operation should be text values or union query will fail.

but when I use the below payload it is working fine. id=1+union+select+1,2,3,4

the above query should cause error and should not give any results. But the app is returning 1,2,3 values on to the website.

What is happening here? Could anyone explain me?

Thanks

Leave a Comment (Supports Markdown)

Protect this comment

madhuvarun

4 years ago

Reply Share

quick update:- inplace of 1 in id=1+union+select+1,2,3,4 I have used 'a'. SO the query now is

id=1+union+select+'a',2,3,4. <---- This is returning 0 results.

But when I use below query it is returning table names.

id=1+union+select+table_name,2,3,4 from information_schema.tables <---- returns table names

No idea why. Could someone please explain?

THanks

Leave a Comment (Supports Markdown)

Protect this comment

vcth4nh

4 years ago

Reply Share

Because the sever use mysql_real_escape_string, which will change the quotation marks. You need to encode string to hex, i.e. id=1+union+select+0x61,0x62,0x63,0x64.

Leave a Comment (Supports Markdown)

Protect this comment

guysante

4 years ago

Reply Share

I don't know if you solved it yet but you inspired me, thanks.

Leave a Comment (Supports Markdown)

Protect this comment