Challenge # 3


makman
Member
Registered: 25.11.13 22:34
Timezone: UTC +0
Posts: 1

Hello All,

I've been working on SQLi challenge no. 3 for two days now. I have tried almost everything to bypass the filter, including URL encoding, C-style comments & HEX conversion. I know a few alternatives to some of the filtered keywords, like query termination, comments etc., but not others like AND, OR... I don't think it can be injected without the 'AND' keyword.

So my question is: do we even need to bypass that filter? Or can we do this injection without AND or OR? Please point me in the right direction.

Thank you,
Regards,


ynori7
Administrator
Registered: 24.08.11 12:16
Timezone: UTC +2
Posts: 130

There could be many solutions, but the one that I'm aware of doesn't require you to bypass the filter. It might be worth noting that this is a SQLite database.



kincses
Member
Registered: 21.09.14 09:37
Timezone: UTC +1
Posts: 4

ynori7 wrote:
There could be many solutions, but the one that I'm aware of doesn't require you to bypass the filter. 

I'm wondering what we mean by 'bypass': is it about forcing a filtered word, or maaaybe using something that isn't filtered?

It might be worth noting that this is a SQLite database.

WHY??
Why is it so important that this is SQLite?
What's so damn special about you, SQLite?

Edit: Got it ^^