[WEB] ezpz

A small hint for the last step. You don’t really need the column.

Can someone give a hint about the WAF bypass?
I can’t use union and select. I tried to use comments (se/**/lect) and Unicode, but everything is blocked.

@VolandRon said:

Can someone give a hint about the WAF bypass?
I can’t use union and select. I tried to use comments (se/**/lect) and Unicode, but everything is blocked.

Read this and take a pen-tester’s approach:

For those who are still struggling with this, YES: the challenge is actually easy peasy. But, of course, the injection point needs some thought (the usual “I ran S**m*p against the server and I’m done with it” approach won’t work here).

What a ride… whoever calls this challenge ezpz is drunk or drugged :smiley: :smiley:

I know that others have pointed to some URLs for help, but it’s much more than just that.
Hint:
As some mentioned before: search for PHP obj injection, take some parameters from there and start your enumeration.
When you find the right parameter, put your s**i after the ID.
Now the tricky part begins: follow the suggested GitHub pages, but you will need to send the right query to JOIN the game. The WAF is picky.
Hope it’s not too much of a spoiler.

I did it manually and it took me 2 days. PM me if you need help.

Found the flag via two ways. The more complicated one needs neither u***n nor j***, and in c*se you want to know, it’s just lik* a smart hammer. However, two INNOvative things are still needed to find the target.

Did someone figure out how many cols the target has? My code fails enumeration after ~130. It only needs j*** (and currently u***n) and no information_ but some stats from m***l to get a name. It works at home and for all standard non-filtered stuff on the server. Seems the WAF wants us to be brief. Would appreciate a nudge on how to make my query work or find an alternative way to get the colnum of a given thing.

Got the flag, thanks to @Z1LV3R for a nudge in the right direction!

Found a Python script that you can use to test the commands that the WAF will either block or let in… PM for it.

Thanks, I enjoyed it. I do recommend you write your own Python program for this challenge.

I managed to get the user, the database, and the table where the website tips come from, but I have no idea what to do next. Are there other tables I’m missing?

Great challenge!

I used a bash script, but forgot about removing newlines when preparing the payload. This resulted in me thinking the WAF was blocking requests over a certain length (and me wasting hours).

Apart from my stupidity, it was a nice challenge.

What a rollercoaster so far, this challenge is really addictive. I think I’m almost there given the information I’ve been able to leak so far, but I’m unable to get the flag.

Maybe someone can give me a nudge? I’ve leaked the schema and found two tables for data in the current database, one of which might not be guessable.
I’m able to get column information, but I’m not able to leak the contents or the like with sqli to get the flag and complete this ezpz challenge :frowning:

Anyone PM, I’m stuck.

Could it be this challenge is broken? I verified my solution with another user but I’m not able to get the flag. The user is also not able to get the flag with his solution anymore.

Can maybe some other users who solved this challenge verify their solution is still working?

@0xRCE said:

Could it be this challenge is broken? I verified my solution with another user but I’m not able to get the flag. The user is also not able to get the flag with his solution anymore.

Can maybe some other users who solved this challenge verify their solution is still working?

Just did it again and can confirm it’s working as (I think) intended.

For all the people who sent a PM, many thanks. It’s really appreciated.

I got the flag. It was my own mistake in the end: blinded by experience and the assumption that casing doesn’t make a difference.
Long story short, always doubt your own assumptions, and validate them even if you are convinced it doesn’t make a difference.

Hey, could someone give me a nudge with bypassing the WAF?

Hi!
I think there is a problem with the creation of the instances for this challenge. I was working on it yesterday and it was working fine. But now I can’t connect to the webserver port when I create a new instance.

Can someone validate that it’s not just me?

Thank you!

@0ca said:

Hi!
I think there is a problem with the creation of the instances for this challenge. I was working on it yesterday and it was working fine. But now I can’t connect to the webserver port when I create a new instance.

Can someone validate that it’s not just me?

Thank you!

Same issue for me here.

Got it. I think this challenge is not worth the time spent on it.
But anyway, even if I feel that I’ve wasted my time, I’ve learned a bit of stuff.

This challenge is a union of error and trial.