SignupHide Sidebar
Username: 
Password: 
Restrict session to IP 
Statistics
47 Sites
187 Challs
9076 Posts
68125 Users
44 donations
1 Shop
47 Active Sites
World of Wargame
WeChall
TheBlackSheep
Rankk
Electrica
NewbieContest
LOST-Chall
Yashira
BrainQuest
Net-Force
HackThisSite
ThisisLegal.com
elhacker.net
TryThis0ne
TDHack
+Ma's Reversing
Hacker.org
HackBBS
Root-Me
SPOJ
Revolution Elite
W3Challs
Gekkó
Webhacking.kr
Reversing.Kr
SuNiNaTaS
Hacking-Challenges
OverTheWire.org
RedTigers Hackit
Defend the Web
Mod-X
Omega Project
ae27ff
pwnable.kr
RingZer0 Team Online CTF
pwnable.tw
Hack The Box
try to decrypt
MysteryTwister
LordofSQLi
Énigmes À Thématiques
247CTF
CryptoHack
PyDéfis
PromptRiddle
PWN.TN
pwn.college
Top 10 Players
dloser
benito255
jusb3
Caesum
tehron
phoenix1204
lordOric
thefinder
Akorlith
Xaav
Last 20 Activities
ShaunOfTheLive
NGSM
gizmore
n0ts0b4d
n0ts0b4d
cheerfulbull
n0ts0b4d
lubiq78
replicapra
ChanoSho
Haijo18
heyimsudo
mathpseudo
yurifalcn
heyimsudo
ShaunOfTheLive
ShaunOfTheLive
Harrier_Du_Bois
Munto
Karrax
Online within 1d
39 Users
gizmore
tehron
ShaunOfTheLive
emm00
heyimsudo
NGSM
ChanoSho
lakes1126
occasus
n0ts0b4d
GandalfTheWhite
replicapra
egvtjl
cheerfulbull
rafulafu
Haijo18
faust
alba1kenobi
Karrax
Harrier_Du_Bois
more
WeChall->Challenges->Challenge: No Escape

There is no escape  Go to the No Escape challenge

Global Rank: 243
Totalscore: 89476
Posts: 1675
Thanks: 1356
UpVotes: 913
Registered: 16y 272d




Last Seen: 7s
The User is Online
Send EMail to gizmore
There is no escape
Sep 28, 2010 - 00:29:18 (14y 50d) Google/translate5Thank You!3Good Post!0Bad Post! link
As this is more or less a training challenge, i'd like to give some general hints:

If you are doing your injections, make sure you don`t end a query with semicolon(;). The php mysql extension does not like that.

There is a trim() for all $_GET and $_POST data. This means any trailing space get`s removed.

In this challenge, the / character is filtered. So you can not use /**/ as mysql comment style. A nice working mysql comment style for this challenge is: ?vote_for= blub%20--%20foo

everything after ' -- ' is treated as comment, but the trailing space is important.

At last, let me give you a specific hint for this challenge: mysql_real_escape_string() might not work for your input!

Also keep in mind: Our exploits are mostly not simulated and "Code you see is code in use"

Good luck!
The geeks shall inherit the properties and methods of object earth.
Global Rank: 6261
Totalscore: 2026
Posts: 5
Thanks: 4
UpVotes: 4
Registered: 13y 320d
Last Seen: 4y 146d
The User is Offline
RE: There is no escape
Jan 03, 2011 - 01:08:20 (13y 317d) Google/translate1Thank You!0Good Post!1Bad Post! link
Is it really possible with an MySQL-Injection? Cant pass trough the mysql_real_escape_string().
My Thougts was to manipulate simply that +1.
%20--%20 the Comment doesnt work or?

%20--%20 Shows an ErrorMessage like this:
MySqlError(1054): Unknown column 'bill -- ' in 'field list' in Query:
UPDATE noescvotes SET `bill -- `=`bill -- `+1 WHERE id=1

But all after the comment should not parsed or?
No matter the comments are only usefull if i can put a ' after my bill or george.

If another hint would break the challenge for others please write me a PM Smile
Thx for so much fun!
And sorry for my bad english iam german.
Last edited by grMf - Jan 03, 2011 - 01:10:44
Global Rank: 243
Totalscore: 89476
Posts: 1675
Thanks: 1356
UpVotes: 913
Registered: 16y 272d




Last Seen: 7s
The User is Online
Send EMail to gizmore
RE: There is no escape
Jan 03, 2011 - 01:36:26 (13y 317d) Google/translate2Thank You!1Good Post!0Bad Post! link
Look closely again how the query is build Smile
Injecting mysql in this challenge is quite easy.
The geeks shall inherit the properties and methods of object earth.
Global Rank: 6261
Totalscore: 2026
Posts: 5
Thanks: 4
UpVotes: 4
Registered: 13y 320d
Last Seen: 4y 146d
The User is Offline
RE: There is no escape
Jan 03, 2011 - 17:24:36 (13y 317d) Google/translate2Thank You!2Good Post!0Bad Post! link
Thx this was close enough Smile
Great Challenge!
Global Rank: 16086
Totalscore: 72
Posts: 1
Thanks: 1
UpVotes: 1
Registered: 13y 61d
Last Seen: 11y 252d
The User is Offline
RE: There is no escape
Sep 20, 2011 - 18:45:59 (13y 57d) Google/translate1Thank You!1Good Post!0Bad Post! link
Ive been trying evrything and searched for the mysql_real_escape_string(), but could get to nowhere. Can you please give me another clue ?? Please please .-) I found that the function does not excape some chars, but could find any usefull with them.

Thank you
Last edited by estenole - Sep 20, 2011 - 18:49:15
Global Rank: 243
Totalscore: 89476
Posts: 1675
Thanks: 1356
UpVotes: 913
Registered: 16y 272d




Last Seen: 7s
The User is Online
Send EMail to gizmore
RE: There is no escape
Sep 21, 2011 - 16:23:50 (13y 56d) Google/translate1Thank You!0Good Post!1Bad Post! link
There is already a very big hint in my previous post ... and you are on a good track ... keep trying!
The geeks shall inherit the properties and methods of object earth.
Global Rank: 14668
Totalscore: 120
Posts: 1
Thanks: 1
UpVotes: 1
Registered: 8y 233d
Last Seen: 8y 134d
The User is Offline
RE: There is no escape
Jun 26, 2016 - 08:48:42 (8y 141d) Google/translate1Thank You!1Good Post!0Bad Post! link
Gizmore first post helps out the most as i was stuck on commenting the rest of the command
Global Rank: 5153
Totalscore: 3064
Posts: 2
Thanks: 1
UpVotes: 0
Registered: 8y 78d
Last Seen: 8y 61d
The User is Offline
RE: There is no escape
Aug 31, 2016 - 00:31:23 (8y 76d) Google/translate0Thank You!0Good Post!0Bad Post! link
Huh... I kept getting errors until I added the trailing space, and now I get two green boxes (Vote counted for [INJECTION] and All votes have been reset), leading me to believe that I solved it, but it doesn't show up as solved in my challenges, and I am not on the Heroes list.
Global Rank: 1
Totalscore: 759083
Posts: 437
Thanks: 496
UpVotes: 469
Registered: 15y 110d












The User is Offline
RE: There is no escape
Aug 31, 2016 - 18:02:00 (8y 75d) Google/translate1Thank You!1Good Post!0Bad Post! link
Check the code. There are two ways to get those messages, only one is the solution.
Global Rank: 5153
Totalscore: 3064
Posts: 2
Thanks: 1
UpVotes: 0
Registered: 8y 78d
Last Seen: 8y 61d
The User is Offline
RE: There is no escape
Sep 03, 2016 - 00:24:32 (8y 73d) Google/translate1Thank You!0Good Post!0Bad Post! link
Hah, I got it. It just didn't like me going overboard and using 999 instead of 111 in my injection.
Redknee, dbhui1984, testlele, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 18060 times.