Modsecurity SQLi Challenge
Hey fellow slackers, I just wanted to share with you this SQLi Challenge sponsored by Modsecurity. The challenge consists of two levels, the first one is a speed test which is pretty straight forward -...
View ArticleRe: Modsecurity SQLi Challenge
I'm interested on how you might bypass the inbound alerts. The site I looked at was using an JetSQL (Access) database, which makes things difficult since there is not an inline commenting structure for...
View ArticleRe: Modsecurity SQLi Challenge
The test sites use different DBMS, so if you get stuck on one you can always try a different site. I'm close to solving level 2 using the Acuart site. Haven't really tried any of the other ones yet.
View ArticleRe: Modsecurity SQLi Challenge
Do we have to get output or blind injection too all tables is fine?
View ArticleRe: Modsecurity SQLi Challenge
blind SQLi is fine too as long as you can extract the data without triggering any alert.
View Article