DoR@Hee의 끄적끄적
webhacking.kr 49번 본문
문제 46번문제와 상당히 비슷한 문제이다. cash만 출력 안될뿐
힌트를 보도록 하자.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 | <html> <head> <title>Challenge 49</title> </head> <body> <h1>SQL INJECTION</h1> <form method=get action=index.php> level : <input name=lv value=1><input type=submit> </form> <? if(time()<1258110000) exit(); if($_GET[lv]) { if(eregi("union",$_GET[lv])) exit(); if(eregi("from",$_GET[lv])) exit(); if(eregi("select",$_GET[lv])) exit(); if(eregi("or",$_GET[lv])) exit(); if(eregi("and",$_GET[lv])) exit(); if(eregi("\(",$_GET[lv])) exit(); if(eregi("\)",$_GET[lv])) exit(); if(eregi("limit",$_GET[lv])) exit(); if(eregi(",",$_GET[lv])) exit(); if(eregi("/",$_GET[lv])) exit(); if(eregi("by",$_GET[lv])) exit(); if(eregi("desc",$_GET[lv])) exit(); if(eregi("asc",$_GET[lv])) exit(); if(eregi("cash",$_GET[lv])) exit(); if(eregi(" ",$_GET[lv])) exit(); if(eregi("%09",$_GET[lv])) exit(); $q=@mysql_fetch_array(mysql_query("select id from members where lv=$_GET[lv]")); echo($q[0]); if($q[0]=="admin") @solve(); } ?> <!-- index.phps --> </body> </html> | cs |
46번 문제와 상당히 비슷한 문제이므로 자세한 분석은 생략
성공
'WarGame > WebHacking.kr' 카테고리의 다른 글
| webhacking.kr 51번 (0) | 2019.03.01 |
|---|---|
| webhacking.kr 50번 (0) | 2019.02.27 |
| webhacking.kr 48번 (0) | 2019.02.27 |
| webhacking.kr 47번 (0) | 2019.02.26 |
| webhacking.kr 46번 (0) | 2019.02.26 |
'WarGame/WebHacking.kr' Related Articles
more
Comments