   해킹잘하고싶다
   Lord of SQL Injection Troll question

http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=288


query : select id from prob_troll where id='0x61646d696e'

<?php  
  include "./config.php";
  login_chk();
  $db = dbconnect();
  if(preg_match('/\'/i', $_GET[id])) exit("No Hack ~_~");
  if(preg_match("/admin/", $_GET[id])) exit("HeHe");
  $query = "select id from prob_troll where id='{$_GET[id]}'";
  echo "<hr>query : <strong>{$query}</strong><hr><br>";
  $result = @mysqli_fetch_array(mysqli_query($db,$query));
  if($result['id'] == 'admin') solve("troll");
  highlight_file(__FILE__);
?>





Even when I use uppercase, ?id=Admin, it still gets filtered.
Please give me a hint on how to solve this one...

  Hit : 859     Date : 2025/02/18 09:49



    
해킹잘하고싶다 I solved it.

If I give adadminmin as the id value, the filter only catches admin,
so in the end it gets entered as admin... yep

p.s. sqlmap is handy in a lot of ways if you use it, heh heh
2025/02/22
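
Added example, not part of the original thread or the challenge's code: the reject-on-match filter from the posted source, the strip-the-match behaviour the reply describes, and a stricter check feeding a prepared statement, run on the inputs mentioned above. The function names and the in-memory SQLite table (its NOCASE column stands in for MySQL's default case-insensitive collation) are assumptions.

```php
<?php
// Added example; function names are hypothetical, table data is constructed.

// Filter as in the posted source: case-sensitive reject on a quote or "admin".
function reject_filter(string $id): ?string {
    if (preg_match('/\'/', $id)) return null;
    if (preg_match('/admin/', $id)) return null;
    return $id;
}

// Filter as the reply describes it: delete "admin" in one pass and carry on.
function strip_filter(string $id): string {
    return str_replace('admin', '', $id);
}

// Stricter check: allow-list the format, compare case-insensitively,
// and never rewrite the input into something the user did not send.
function strict_filter(string $id): ?string {
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $id)) return null;
    if (strcasecmp($id, 'admin') === 0) return null;
    return $id;
}

// Constructed stand-in for prob_troll; NOCASE mimics MySQL's default
// case-insensitive string comparison.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE prob_troll (id TEXT COLLATE NOCASE)");
$db->exec("INSERT INTO prob_troll VALUES ('admin'), ('guest')");

function lookup(PDO $db, ?string $id): string {
    if ($id === null) return 'rejected';
    // Bound parameter: the value cannot change the structure of the query.
    $st = $db->prepare('SELECT id FROM prob_troll WHERE id = ?');
    $st->execute([$id]);
    $row = $st->fetchColumn();
    return $row === false ? 'no row' : "row id=$row";
}

foreach (['admin', 'Admin', 'adadminmin', 'guest'] as $in) {
    printf("%-11s reject: %-13s strip: %-13s strict: %s\n", $in,
        lookup($db, reject_filter($in)),
        lookup($db, strip_filter($in)),
        lookup($db, strict_filter($in)));
}
```

Only the strict column keeps every variant away from the admin row; a name filter is still no substitute for an authorization check on the server side.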