Questions and Answers

How do I collect points?

  • +5
    Chosen as best answer
  • +1
    Posted answer
  • +1
    Posted question
  • +1
    Thumb up
  • -1
    Thumb down
4

by _4p0pH1S_ in Challenge Help about December 14, 2016 open - report

Basic 24 SQLi User Agent

Hi all,

I am really stuck in this one. I have solved 40 by now but this one makes no sense for me. I have found the injection point and the name of the table I have to look for in. Now I need to guess the column names. As I cannot access the schema becuase is throwing all the time the same message, regardless of the query, This approach should work and it doesn't:

injectionPointinHere: A UNION SHOW COLUMNS FROM [table_name_here] LIMIT 0,1

Beating a possible problem with the number of results returned by the query. May somebody tell me what am I doing wrong? I have invested 4 hours and I am really missing something important.

Answers: 2 • Score 0 • Views: 676
Browse by
  • 4

    by tauheeds1 about February 13, 2017

    use temper data (Mozila firefox plugin), Burp Suite etc....

    • Score: 0
  • 10

    by gatuno about February 5, 2017

    Hello Dude

    if you have some program to modify your Agent, try to sql injection inside the agent

    ;)

    • Score: 0
You must login to post an answer.