SQL Injection Challenge #2

Things Are Not Always What They Appear To Be — There is no spoon

This is my second SQL injection challenge. Just like the first one I am not going to spoil any details about it because that would just ruin all the fun 🙂

Get hacking by going to the challenge, or you can go to the challenge list.

Have fun!

SQL Injection challenge #1 – The Details & Solutions

I was supposed to wait for a couple of days with posting this, but I see in the logs that the only requests coming in now is from the blog post written by the guy who first solved this.

About a week ago I wrote an sql injection  challenge that was posted on a couple of forums, #vulnhub (freenode) and on Twitter. After several days of people destroying my server with sqlmap, Havij, iMacro and sql ninja a solution was provided, but not by one of the tool users 🙂 This was solved using the good old manual approach. So now that the challenge has been solved, I decided to publish the source, and a few different solutions to this challenge.

If you want to give it a go, you can find the challenge here.

This challenge was a great proof that manual > tools! 😀

First, I want to congratulate DiabloHorn who was the first one to complete the challenge. He also wrote a “how-to” post explaining how he solved my challenge. You can read his post here.