215,

1/11

ewqqw

SQL injection 기본

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=236 [복사]

<html><body><form action='sqli_nth.php' method='get'><table><tr><td>id</td><td><input type='text' name='id'></td></tr><tr><td>pw</td><td><input type='text' name='pw'></td></tr><tr><td><input type='submit'></td></tr></table></form><hr></body></html>

<?php
  require 'config.php';//Ignore this.
  require 'flag.php';//Ignore this.

  $mysqli = mysqli_connect('localhost', 'newbiesqli2', 'newbiesqli_2', 'newbiesqli2') or die('Error : Please let dohyeokkim know this happening.');//Ignore this.

  $q = "select * from sqli2 where id='{$_GET[id]}' and pw='{$_GET[pw]}'";//query

  if(preg_match('/admin|x|b|conv|id|pw|\(/i', $_GET[id])) exit("No!");
  if(preg_match('/admin|x|b|conv|id|pw|\(/i', $_GET[pw])) exit("No!");

  echo $q;//This will show you query.
  echo '<hr>';

  $result = mysqli_fetch_array(mysqli_query($mysqli, $q));//Ignore this.

  //result
  if($result[id]){
    echo 'Succeed in login.<br>Hi! '.$result[id].'<br><br>';

    if($result[id] == 'admin')
      solve('sqli_nth');//Good!
  }
  else
    echo 'Failed to login.';

  echo '<hr>';

  highlight_file(__File__);//This will show you query.
?>

'or '1'='1 같은 것들은 안되네요......

Hit : 3978 Date : 2017/03/24 11:01