   dudtntdud
   A question about False Injection.

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_Web&no=230


In a MySQL statement,

when I put in select * from where id = 0; all of the id values come out.

0 is known to be a false value, so why does it output all of the values?

  Hit : 2674     Date : 2017/01/18 06:01



    
jinmo123 Could id be a string that starts with characters that are not digits? In that case, when it is compared with the number 0 it is converted to a number for the comparison, so all of them end up equal to 0. 2017/01/18  
chaneyoon Whoa, I think I've seen this person on 생활해킹 too 2017/01/19  
chaneyoon mysql> select * from rank;
+------+-------+
| id | score |
+------+-------+
| aaa | 1 |
| bb | 39 |
| ccc | 349 |
| ddd | 33 |
| eee | 982 |
| fff | 2 |
| 1a | 320 |
+------+-------+
7 rows in set (0.00 sec)

Given a table like this, if you run the query

select * from rank where id=0,

+------+-------+
| id | score |
+------+-------+
| aaa | 1 |
| bb | 39 |
| ccc | 349 |
| ddd | 33 |
| eee | 982 |
| fff | 2 |
+------+-------+

the entries with no digit at the front come out like this,

and if you send the query "select * from rank where id=1"
+------+-------+
| id | score |
+------+-------+
| 1a | 320 |
+------+-------+

I think it is probably similar to the principle by which the entries that start with 1 are retrieved like this.
2017/01/19  
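
Added example, not part of the thread and not MySQL's own code: a simplified Python model of the string-to-number comparison described in the replies above, run against a constructed copy of the rank table. The function names and the bind_id guard are hypothetical, and collation (case-insensitive matching) is ignored.

```python
import re

# Constructed copy of the `rank` table shown in the thread.
RANK = [("aaa", 1), ("bb", 39), ("ccc", 349), ("ddd", 33),
        ("eee", 982), ("fff", 2), ("1a", 320)]

# Leading numeric prefix: optional sign, digits/fraction, optional exponent.
_NUM_PREFIX = re.compile(r"[ \t]*([+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?)")


def mysql_str_to_number(s):
    """Simplified model of the cast: a string compared with a number becomes
    its leading numeric prefix, or 0.0 when it has no such prefix."""
    m = _NUM_PREFIX.match(s)
    return float(m.group(1)) if m else 0.0


def select_where_id(rows, value):
    """Model of `SELECT * FROM rank WHERE id = <value>` on a string column.

    A str value is compared as a string (exact match here, collation ignored);
    a numeric value forces every id through mysql_str_to_number() first.
    """
    if isinstance(value, str):
        return [r for r in rows if r[0] == value]
    return [r for r in rows if mysql_str_to_number(r[0]) == float(value)]


def bind_id(value):
    """Hypothetical application-side guard: accept only str for the id
    parameter, so the query compares strings and never casts the column."""
    if not isinstance(value, str):
        raise TypeError("id must be a string, got " + type(value).__name__)
    return value


if __name__ == "__main__":
    for v in (0, 1, "0", "1a"):
        ids = [r[0] for r in select_where_id(RANK, v)]
        print("id = %r -> %s" % (v, ids))
```

In this model a numeric 0 matches the six ids without a leading digit and a numeric 1 matches only 1a, as in the output quoted in the thread, while the string '0' matches no row.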