ka0r1 |
SQL Injection |
http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_Web&no=144
Hit : 3639 Date : 2013/04/14 02:53
rubiya | last_name = 'Your Name or 1=1' Taken literally, the query means: return the rows where last_name is the value 'Your Name or 1=1' that sits between the commas. It may help to think of it as similar to char a = 'Your Name or 1=1'; |
2013/04/14 | |
ka0r1 | I ended up writing the answer while posting the question, haha. Your Name or 1=1 (FALSE or TRUE) ==> in the end it becomes FALSE because of the logical operator. Is that the right way to understand it? Is Your Name itself FALSE? |
2013/04/14 | |
rubiya | The value of last_name is Your Name or 1=1, a 16-character value just like that! The last_name argument does not end just because the word or appears in it. The argument ends the moment a ' shows up. And false or true is true, haha. |
2013/04/14 | |
asdf3856 | You seem to be explaining it in a complicated way... let me explain it simply. SELECT * FROM user_data WHERE last_name = 'Your Name or 1=1' 1. The goal is to bypass the check by putting true into the value of the variable called last name. 2. Something written as 'yourName or 1=1' is just like last_name = 'asdf'. In other words, you have to wrap the values in single quotes ('). If you do not wrap them like 'yourName' '1=1', the or clause itself loses its meaning; for or, you have to create two variables to compare, ' 1' '2'. SELECT * FROM user_data WHERE last_name = 'Your Name' or '1=1' It gets bypassed as ' ' or 'true'. My own wording is odd too.. T_T |
2014/10/18 | |
asdf3856 | You can think of the reason for wrapping it like ' a' or 'b' as setting the things to be compared. If it is written as 'a or b', it cannot find the things to compare and treats 'a or b' as a single string. ps: is the type string?.. my memory is hazy |
2014/10/18 | |
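
Added example, not part of the thread: Python's standard `sqlite3` module run against the query discussed above, showing where the string literal ends and why a bound parameter keeps the whole input as a literal. The `user_data` table and `last_name` column come from the thread; the rows, the `userid` column, the sample input and the function names are constructed for illustration.

```python
import sqlite3

# Constructed input containing a quote, used to compare the two query styles.
QUOTED_INPUT = "Your Name' OR '1'='1"

def build_db():
    # Constructed sample rows; one row really holds the 16-character string.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_data (userid INTEGER, last_name TEXT)")
    db.executemany("INSERT INTO user_data VALUES (?, ?)",
                   [(1, "Smith"), (2, "Jones"), (3, "Your Name or 1=1")])
    return db

def names(db, sql, params=()):
    # Run a query and return the matching last_name values, sorted.
    return sorted(row[0] for row in db.execute(sql, params))

def literal_query(db):
    # The query from the thread: "or 1=1" is inside the quotes, so it is text.
    return names(db, "SELECT last_name FROM user_data "
                     "WHERE last_name = 'Your Name or 1=1'")

def operator_query(db):
    # The literal ends at the quote after Name, so OR 1=1 is parsed as SQL
    # and every row evaluates to (FALSE or TRUE) OR TRUE.
    return names(db, "SELECT last_name FROM user_data "
                     "WHERE last_name = 'Your Name' OR 1=1")

def concatenated(db, user_input):
    # Vulnerable pattern: the input is pasted between the statement's quotes,
    # so a quote inside the input decides where the literal ends.
    sql = "SELECT last_name FROM user_data WHERE last_name = '%s'" % user_input
    return names(db, sql)

def parameterized(db, user_input):
    # Hardened pattern: the value is bound separately from the SQL text, so it
    # is always compared as one string, quotes included.
    return names(db, "SELECT last_name FROM user_data WHERE last_name = ?",
                 (user_input,))

if __name__ == "__main__":
    db = build_db()
    print("literal      :", literal_query(db))
    print("operator     :", operator_query(db))
    print("concatenated :", concatenated(db, QUOTED_INPUT))
    print("parameterized:", parameterized(db, QUOTED_INPUT))
```
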