   블루윙
   http://commaster.egloos.com
   I have a question about SQL injection.

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=107


id : admin
pw : 'or1=1--

select * from member where id='admin' and pass = ''or 1=1--'                
If I put the 'or 1=1-- string into the password, the SQL statement above is what comes out, right?
As I understand it, the ID is admin and no value goes into the password,
isn't that so? In that case, does it report that there is no password, or..
does it recognize the null value as well, take the null value, compare the ID and password and come out false,
and then compare that with 1=1 so that it ends up true and the condition is returned?
                        


p.s
select * from member where id='admin' and pass = '1313'or1=1--'

Why is the form of this statement wrong?

  Hit : 4241     Date : 2012/04/07 11:50



    
cd80 As far as I know, there has to be at least one space after -- for it to be treated as a comment.
I have only heard this myself, so I don't know why that is.
2012/04/07  
블루윙 Hmm, it worked even without a space after --.. The thing is, '' and '1313' should both come out as FALSE anyway, so I don't understand why it doesn't work when it is '1313' ..~
2012/04/07  
supershop Couldn't it be because the spacing is missing... 2012/04/08
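
The two queries from the thread, run as an added example that is not part of the original posts: it shows how each one is parsed when input is concatenated into the SQL text, and how the same input behaves through placeholders. SQLite stands in for the database, which the thread does not name; the rows and the function names are constructed for illustration, and lexing of `--` and `or1` can differ on other engines.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table/column names follow the query quoted in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE member (id TEXT, pass TEXT)")
    db.executemany("INSERT INTO member VALUES (?, ?)",
                   [("admin", "constructed-admin-pw"), ("guest", "constructed-guest-pw")])
    return db

def login_concat(db, user, pw):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in
    # `pw` closes the string literal and the remainder is parsed as SQL.
    sql = "select * from member where id='%s' and pass = '%s'" % (user, pw)
    try:
        return sql, db.execute(sql).fetchall()
    except sqlite3.OperationalError as exc:
        return sql, "syntax error: %s" % exc

def login_param(db, user, pw):
    # Hardened pattern: placeholders keep the input as data, never as SQL.
    sql = "select * from member where id=? and pass = ?"
    return db.execute(sql, (user, pw)).fetchall()

def demo():
    db = make_db()
    out = {}
    # The thread's first query. AND binds tighter than OR, so the WHERE clause
    # is (id='admin' AND pass='') OR 1=1, which is true for every row.
    out["first"] = login_concat(db, "admin", "'or 1=1--")
    # pass = '' compares against an empty string, not NULL.
    out["empty_is_null"] = db.execute("select '' is null").fetchone()[0]
    # The p.s. query: "or1" is lexed as one identifier, not OR followed by 1.
    out["ps"] = login_concat(db, "admin", "1313'or1=1--")
    # The same input through placeholders is just a wrong password.
    out["param"] = login_param(db, "admin", "'or 1=1--")
    out["param_ok"] = login_param(db, "admin", "constructed-admin-pw")
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
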