http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_Web&no=236 [º¹»ç]
<!--Ignore this.-->
<html><body><form action='sqli_nth.php' method='get'><table><tr><td>id</td><td><input type='text' name='id'></td></tr><tr><td>pw</td><td><input type='text' name='pw'></td></tr><tr><td><input type='submit'></td></tr></table></form><hr></body></html>
<?php
require 'config.php';//Ignore this.
require 'flag.php';//Ignore this.
$mysqli = mysqli_connect('localhost', 'newbiesqli2', 'newbiesqli_2', 'newbiesqli2') or die('Error : Please let dohyeokkim know this happening.');//Ignore this.
$q = "select * from sqli2 where id='{$_GET[id]}' and pw='{$_GET[pw]}'";//query
if(preg_match('/admin|x|b|conv|id|pw|\(/i', $_GET[id])) exit("No!");
if(preg_match('/admin|x|b|conv|id|pw|\(/i', $_GET[pw])) exit("No!");
echo $q;//This will show you query.
echo '<hr>';
$result = mysqli_fetch_array(mysqli_query($mysqli, $q));//Ignore this.
//result
if($result[id]){
echo 'Succeed in login.<br>Hi! '.$result[id].'<br><br>';
if($result[id] == 'admin')
solve('sqli_nth');//Good!
}
else
echo 'Failed to login.';
echo '<hr>';
highlight_file(__File__);//This will show you query.
?>
'or '1'='1 °°Àº °ÍµéÀº ¾ÈµÇ³×¿ä...... |
Hit : 3130 Date : 2017/03/24 11:01
|