I've solved some of the challenges from SQLol but I got stuck on challenge 6. After searching online, many sources said PHP prevents stacked queries when querying MYSQL. Is that a challenge even possible to solve? I have no access to the PHP source code so I will not be able to use the mysqli_multi_query(). Is there any possible ways to do this challenge?
objective is to create a new table called "ipwntyourdb" using stacked queries
The link for the challenge is http://attack.samsclass.info/sqlol/challenges/challenge6.php .
This is the query:
SELECT username FROM users
WHERE username = '___________' GROUP BY username ORDER BY username ASC
The underline part is the syntax that we need to input in.
These are the following that I have tried:
'; create table ipwntyourdb (id int); --'; start transaction; create table ipwntyourdb (id int); commit; --
Aucun commentaire:
Enregistrer un commentaire