Table Names II (MySQL, Exploit)
Your mission...
Is to find out the database and table name used in this sql injection challenge.
This time, We have blocked a few keywords!
You can see the sourcecode, also as highlighted version.
Click here to access the vulnerable script.
We already created a fake account:
Username: test
Password: test
As solution enter the database and table name separated with an underscore, like "databasename_tablename".
This time, We have blocked a few keywords!
You can see the sourcecode, also as highlighted version.
Click here to access the vulnerable script.
We already created a fake account:
Username: test
Password: test
As solution enter the database and table name separated with an underscore, like "databasename_tablename".
GeSHi`ed PHP code for challenge.php
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 18 19 2021 22 23 24 2526 27 28 29 3031 32 33 34 3536 37 38 39 4041 42 43 44 4546 47 48 49 5051 52 53 54 5556 57 58 59 6061 | <?php $secret = require('secret.php'); chdir('../../../'); define('GWF_PAGE_TITLE', 'Table Names II'); require_once('challenge/html_head.php');require(GWF_CORE_PATH.'module/WeChall/solutionbox.php'); if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE))) { $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 6, 'challenge/nurfed/more_table_names/index.php', $secret['flag']);} $chall->showHeader(); $chall->onCheckSolution(); if (false !== Common::getGet('login')){ $username = Common::getGetString('username', ''); $password = Common::getGetString('password', ''); if (preg_match('/statistics|tables|columns|table_constraints|key_column_usage|partitions|schema_privileges|schemata|database|schema\(\)/i', $username.$password)) { echo GWF_HTML::error(GWF_PAGE_TITLE, $chall->lang('on_match')); } else { if (false === ($db = gdo_db_instance($secret['host'], $secret['username'], $secret['password'], $secret['database']))) { die('Database error.'); } $db->setVerbose(false); $db->setLogging(false); $db->setEMailOnError(false); $query = "SELECT * FROM {$secret['database']}.{$secret['table_name']} WHERE username='$username' AND password='$password'"; if (false === ($result = ($db->queryFirst($query, false)))) { echo GWF_HTML::error(GWF_PAGE_TITLE, $chall->lang('on_login_fail')); } else { $user = isset($result['username']) ? $result['username'] : ''; $message = isset($result['message']) ? $result['message'] : ''; echo GWF_HTML::message(GWF_PAGE_TITLE, $chall->lang('on_logged_in', array(GWF_HTML::display($user), GWF_HTML::display($message)))); } } } ?><div class="box box_c"> <form action="challenge.php" method="get"> <div><?php echo $chall->lang('username'); ?>: <input type="text" name="username" value="" /></div> <div><?php echo $chall->lang('password'); ?>: <input type="text" name="password" value="" /></div> <div><input type="submit" name="login" value="<?php echo $chall->lang('login'); ?>" /></div></form> </div> <?php echo $chall->copyrightFooter(); require_once('challenge/html_foot.php'); |
© 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by nurfed