Current Status: SOLVED
Link to challenge:
Dear Nulled Users,
A few months ago we have released a Cracker award to the community. We have awarded it to many members by this time. We are very proud by the amount of good crackers we have, and believe most of you have h4x1ing skills as well. Thus, we would like to introduce Nulleds first SQLi challenge.
Your goal is to list every user on the website using sql injection.
Rewards
- Cracker award
- Unique award
- Username color: Tommy
The challenge lasts until solved. The reward will be given to the FIRST users who submits (through PM) the user/pass combo to JokerArt.
Tips (updated daily)
- Building your payload manually will give you a higher chance of finding a solution, spamming tools on the site will get you nothing (30.09 1:15pm)
- Your payload should not contain a space (30.09 1:15pm)
- The SQL Error is now being displayed (30.09 1:15pm)
- If you use tools such as sqlmap, make sure to define a prefix and suffix (30.09 1:15pm)
- The query is built like this: (30.9 11:00pm)
- Line breaks inside the query do help (%0A) (30.9 11:00 pm)
- Database name: "nulledsqlchal", table name: "kappa", columns: "id, user, pass" (02.10.2016 1:30pm)
Good luck everyone.
- Nulled Staff