214, 6/11 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   ka0r1
   ·Î±×ÀÎ ÆäÀÌÁö ±¸ÇöÁß header ÇÔ¼öÀÇ ÀǹÌ

http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_Web&no=141 [º¹»ç]


<?php
        $user="asdf";
        $pass="asdf";

        if($_SERVER["PHP_AUTH_USER"]==$user&&$_SERVER["PHP_AUTH_PW"]==$pass){
                echo "Succeed Access!";
        }

        else{
            header('WWW-Authenticate: Basic realm="You need to login"');
            header("HTTP/1.0 401 Unauahorized");
            echo "Failed Access!";
            exit;
        }
?>


else¹®¿¡¼­ header ÇÔ¼ö 2°³°¡ Àִµ¥
header ÇÔ¼ö´Â À¥ ºê¶ó¿ìÀú·Î »ç¿ëÀÚ ÀÎÁõÀ» ¿ä±¸Çϸç
Çì´õ Á¤º¸¸¦ À¥ ºê¶ó¿ìÀú·Î Àü¼ÛÇÑ´Ù°í Ã¥¿¡¼­ ³ª¿ÍÀÖ½À´Ï´Ù.
±×·¡µµ ¹º°¡ Á» ¸ð¸£°Ú¾î¿ä.
"·Î±×ÀÎ ÆäÀÌÁö ±¸Çö -> °Ô½ÃÆÇ ¸¸µé±â -> À¥ ÇØÅ·"À» Ä¿¸®Å§·³À¸·Î °øºÎÇÏ°í Àִµ¥
¹¹¶ö±î... ¼Ò½º Äڵ常 º¸°í¼± Ŭ¶óÀ̾ðÆ®¿Í À¥¼­¹ö°£¿¡ ÀÌ·ç¾îÁö´Â ÀÏ·ÃÀÇ °úÁ¤µéÀÌ
È®½ÇÇÏ°Ô ¸ô¶ó¼­...  ¹» °øºÎÇØ¾ß µÉÁö ¸ð¸£°Ú³×¿ä;;
¼Ó ½Ã¿øÇÏ°Ô ¹æÇâÀ» Á¦½ÃÇØÁÖ½Ã¸é °¨»çÇÏ°Ú½À´Ï´Ù.

  Hit : 4683     Date : 2013/04/10 01:47



    
rubiya header ¶ó´Â °ÍÀº Ŭ¶óÀ̾ðÆ®°¡ ¿äûÇÑ ÆäÀÌÁö¸¦ ºê¶ó¿ìÀú¿¡ Ãâ·ÂÇϱâ Àü¿¡ ¹Ì¸® ºê¶ó¿ìÀú¿¡ ÀÌ ÆäÀÌÁö°¡ °¡Áö°í ÀÖ´Â ³»¿ëÀº ¾î¶² °Í ÀÌ´Ù ¶ó°í ¹Ì¸® ¾Ë·ÁÁ༭ ºê¶ó¿ìÀú°¡ ´ëºñ ÇÒ ¼ö ÀÖµµ·Ï ÇØÁÖ´Â °ÍÀÔ´Ï´Ù.

¶ó´Â ¼³¸íÀÌ ¸íÄèÇϳ׿ä.

±×·±µ¥ php_auth_user ´Â ½ÇÁ¦·Î´Â °ÅÀÇ »ç¿ëµÇÁö ¾Ê¾Æ¿ä¤Ð¤Ð

htmlÀÇ formű׸¦ »ç¿ëÇؼ­ post ¸Þ¼Òµå·Î ¼­¹ö¿¡ °ªÀ» º¸³»ÁÖ¸é ±× °ªÀ» µ¥ÀÌÅͺ£À̽º¿¡¼­ Á¶È¸Çغ¸´Â ¹æ½ÄÀÌ ´ëºÎºÐÀÔ´Ï´Ù.

¿¹¸¦µé¾î

<form method=post action=login.php>
¾ÆÀ̵ð : <input name=id type=text>
Æнº¿öµå : <input name=pw type=password>
<input type=submit>

ÀÌ·± ÆäÀÌÁö¿¡ ¾ÆÀ̵ð¿Í Æнº¿öµå¸¦ ³ÖÀ¸¸é login.php¿¡¼­ $_POST[id] ¿Í $_POST[pw] º¯¼ö¸¦ »ç¿ëÇؼ­

mysql("select * from table where id='$_POST[id]' and pw='$_POST[pw]'");

ÀÌ·¸°Ô µ¥ÀÌÅͺ£À̽º¿¡ ÁúÀǹ®À» º¸³» °á°ú°ªÀÌ ¹ÝȯµÇ´ÂÁö¸¦ üũÇÏ´Â ¹æ½ÄÀÔ´Ï´Ù.
2013/04/10  
ka0r1 rubiya // µ¥ÀÌÅͺ£À̽º¸¦ °£°úÇؼ­ ±×³É ³Ñ¾î°£°Ô Å»ÀÌ µÇ¾ú³×¿ä.
Á¦°¡ Ã¥À» º¸¸é¼­ ÇϳªÇϳª¾¿ ´Ù º»°Ô ¾Æ´Ï°í Áøµµ¸¦ »¡¸® ³ª°¥·Á°í ±×³É ³Ñ¾î°£ ºÎºÐÀÌ Á» ÀÖ½À´Ï´Ù.
¾î¶µç ÁÁÀº ´äº¯ °¨»çÇÕ´Ï´Ù.
2013/04/10  
114   ip¸¸À¸·Î ÇØÅ·°¡´ÉÇÑ°¡¿ä?[5]     clova777
06/25 7604
113   LibrettoCMS 2.2.2 - Arbitrary File Upload ¾Æ½Ã´ÂºÐ °è½Å°¡¿ä?     Á¦·Î½Ã
06/16 3312
112   À¥ ¾ð¾î Áú¹® µå¸³´Ï´Ù.[5]     pk920207
05/31 3070
111   À¥ÇØÅ·À» ¹è¿ì°í½Í½À´Ï´Ù..[2]     edustars
05/24 3522
110   MySQL Áú¹®[2]     ka0r1
04/15 3442
109   SQL Injection[5]     ka0r1
04/14 3575
108   header¿Í body°¡ ±¸ºÐµÇ¾î ÀÖ´Â ÀÌÀ¯?[4]     ka0r1
04/12 4612
107   ·Î±×¾Æ¿ô ±¸Çö[1]     ka0r1
04/10 3585
  ·Î±×ÀÎ ÆäÀÌÁö ±¸ÇöÁß header ÇÔ¼öÀÇ ÀǹÌ[2]     ka0r1
04/10 4682
105   À¥ ÇØÅ·À» ¹è¿ì°í½Í½À´Ï´Ù.     a12341z
04/05 3139
104   ÀÌ °ø°Ý ¹«½¼ °ø°ÝÀÎÁö ¾Æ½Ã´Â ºÐ[1]     power3122
03/26 3296
103   À¥»çÀÌÆ® ÇØÅ·°ü·Ã ¹®Àǵ帳´Ï´Ù.[1]     chniow
02/27 3179
102   ½©·Î ÀÎÅÍ³Ý Á¢¼Ó     sean95
02/14 3189
101   À¥Å÷º¸´Ù°¡ ½ºÅÿÀ¹öÇ÷οì‰ç´Âµ¥     kimthon
01/19 3571
100   Áú¹®ÀÌ¿ä!![1]     sophiz
01/06 2851
99   ÀÌ ÇÁ·Î±×·¥ ¹ºÁö ¾Æ½Ã´ÂºÐ?(»çÁøêó)[8]     ygh357
12/16 4184
98   °øÀÎIP, »ç¼³IP[2]     ehdgns3136
11/06 3815
97   ¸ðÀÇÇØÅ· ¿¬½À¿¡ ÇÊ¿äÇÑ °Í.     inwoox
10/11 4036
96   °ú¿¬ ´ëÇü °Ë»ö»çÀÌÆ® ¹ö±×... ¾ÆÁ÷ °¡´ÉÇÒ±î¿ä...?[2]     magpass
10/08 3219
95   À¥ÇØÅ· ´É·ÂÀÌ µÇ½Ã´ÂºÐ¸¸ º¸¼¼¿ä~     mabini01
09/20 3569
[1][2][3][4][5] 6 [7][8][9][10]..[11]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org