Return to forum

Xqx · June 6, 2022 at 9:58 PM

(June 5, 2022, 11:52 PM)pompompurin Wrote: Challenge Hosted by @420

I already have the money in my wallet and I'm holding it for whoever is able to dump it first. The prize is $1000 USD in Bitcoin.

The challenge is this:
- There is an SQLi Vulnerability on https://coolproxies.com
- He's known about it for years now, but has never found anyone skilled enough to figure out how to exploit it correctly.

Here is the vulnerable page: https://coolproxies.com/pl/freeproxylist.php?cc='

Also to give you a helping hand, you can bypass Cloudflares WAF which will block 99% of SQLi attacks by attempting to attack the vulnerability from the backend.

Backend: https://192.99.224.79/pl/freeproxylist.php?cc=' (MAKE SURE YOU HAVE THE HEADER "Host: coolproxies.com" set or else it will not show up, example: https://i.breached.co/gt3SIuDsaaFRhJZ4.png)

To prove that you've indeed hacked it, you will need to provide the list of databases, the first 10 user entries, and a working example. First person to get it wins.

Good luck !

The server is down

badhou3a · June 6, 2022 at 10:00 PM

Error 525 ssl handjob failed :-/

mud · June 7, 2022 at 4:17 AM

@Sleep just won.

Max · June 7, 2022 at 6:07 AM

Sleep will dump this so fast!

fuckiraq · June 7, 2022 at 8:17 AM

(June 7, 2022, 04:17 AM)mud Wrote: @Sleep just won.

cap

rftuietvoy · June 7, 2022 at 8:29 AM

owner has read this article, he provides sample to successfully prove 1000$ and fix it, LOL

cod · June 7, 2022 at 9:22 AM

(June 7, 2022, 06:07 AM)Max Wrote: Sleep will dump this so fast!

"SleepTheGod" :sleepy:

pompompurin · June 7, 2022 at 6:44 PM

Winner is @TarTarX, congrats to them !