SQLi test #2

[Crassus]

Quite a few people have completed the other one so thought I'd make a new thread. People also said in the other thread they wanted to find injectable url themselves so here you go:

You must reply to see links

Pm me:
1)syntax used to retrieve database version.
2)password for user 'Andy' + syntax you used to retrieve it.

I don't think automated tools will work for this but I could be wrong. For this reason I will NOT be accepting just the password.

People completed so far:
1)Gimppy042
2)batfink
3)spot_1337

Good luck.

[IonCuber]

Pm has been sent with root access

[Crassus]

(12-13-2011 07:13 PM)Mirage Wrote:

You must reply to see links

Pm has been sent with root access

Send again. I've not received it.

[Scarecrow]

I will in a second, once I get some free time.

[Crassus]

(12-14-2011 01:42 AM)Gimppy042 Wrote:

You must reply to see links

Just pmd you the answer and all your requested work, plus some (all my documentation from start to finish)

Thanks for the challenge. That was kick ass fun! Tougher then the first one!

This was still basic. If a few people post the answer I'll post a pure evil one.

[IonCuber]

I am not going to exploit it again because you accidentally deleted my pm to you... I have more important stuff to do.

[Crassus]

Lol I never received any pm's from you. What would I gain from deleting it?

Any sent messages will be in your sent box. re-send it from there? Or don't. makes no difference to me..

[IonCuber]

Yeah it must of not sent, I will exploit it again when I get home...

[chronicle333]

i still need to read and study about this, i have no idea how to do this (

[Crassus]

(12-15-2011 09:11 PM)Gimppy042 Wrote:

You must reply to see links

(12-15-2011 05:53 PM)chronicle333 Wrote:

You must reply to see links

i still need to read and study about this, i have no idea how to do this (

Well get going! Need some more people to figure this one out!

I second this. People don't seem to be that interested in hacking on this hacking forum.