📂
이동현 Donghyun Lee
  • Welcome!
  • Wargame
    • Webhacking.kr
      • old-01 (200)
      • old-02 (500)
      • old-03 (350)
      • old-04 (300)
      • old-05 (300)
      • old-06 (100)
      • old-07 (300)
      • old-08 (350)
      • old-09 (900)
      • old-10 (250)
      • old-11 (300)
      • old-12 (250)
      • old-13 (1000)
      • old-14 (100)
      • old-15 (50)
      • old-16 (100)
      • old-17 (100)
      • old-18 (100)
      • old-19 (150)
      • old-20 (200)
      • old-21 (250)
      • old-22 (500)
      • old-23 (200)
      • old-24 (100)
      • old-25 (150)
      • old-26 (100)
      • old-27 (150)
      • old-28 (500)
      • old-29 (400)
      • old-30 (350) : UNSOLVED
      • old-31 (150)
      • old-32 (150)
      • old-33 (200)
      • old-34 (400)
      • old-35 (350)
      • old-36 (200)
      • old-38 (100)
      • old-39 (100)
      • old-40 (500)
      • old-41 (250)
      • old-42 (200)
      • old-43 (250)
      • old-44 (500)
      • old-45 (550)
      • old-46 (300)
      • old-47 (150)
      • old-48 (350)
      • old-49 (300)
      • old-50 (450)
      • old-51 (250)
      • old-52 (400)
      • old-53 (350)
      • old-54 (100)
      • old-55 (400)
      • old-56 (250)
      • old-57 (600)
      • old-58 (150)
      • old-59 (200)
      • old-60 (300)
      • old-61 (200)
    • Lord of SQLInjection
      • gremlin
      • cobolt
      • goblin
      • orc
      • wolfman
      • darkelf
      • orge
      • troll
      • vampire
      • skeleton
      • golem
      • darkknight
      • bugbear
      • giant
      • assassin
      • succubus
      • zombie_assassin
      • nightmare
      • xavis
      • dragon
      • iron_golem
      • dark_eyes
      • hell_fire
      • evil_wizard
      • green_dragon
      • red_dragon
      • blue_dragon
      • frankenstein
      • phantom
      • ouroboros
      • zombie
      • alien
      • cthulhu
      • death
      • godzilla
      • cyclops
      • chupacabra
      • manticore
      • banshee
      • poltergeist
      • nessie
      • revenant
      • yeti
      • mummy
      • kraken
      • cerberus
      • siren
      • incubus
    • Pwnable.kr
      • Toddler's Bottle
        • fd - 1 pt
        • collision - 3 pt
        • bof - 5 pt
        • flag - 7 pt
        • passcode - 10 pt
  • CTF
    • AlexCTF 2017
      • [Crypto] CR3: What is this encryption?
      • [Crypto] CR4: Poor RSA
    • BSides San Francisco CTF 2017
      • [Crypto] []root
  • project
    • How to Find Container Platform Escape Bug
      • Docker
        • Install Docker
        • Run Container
        • Docker Basic Commands
        • Docker Compose
        • Build Docker Image
        • Docker Hub
        • Private Docker Registry
      • Kubernetes
        • Introduction to Kubernetes
        • Kubernetes Practice
      • PoC
  • Donghyun's Lifelog
Powered by GitBook
On this page

Was this helpful?

  1. Wargame
  2. Lord of SQLInjection

death

PreviouscthulhuNextgodzilla

Last updated 5 years ago

Was this helpful?

첫 화면이다.

prob_cthulhu와 같이 id에 '<@ or 1 or ' 를 넣으면 아래와 같은 결과가 나온다.

id에 '<@ or id like 'admi%' or ' 을 넣은 셈이다.

admin 이 필터링되기 때문에 이를 우회하기 위해 id like 'admi%' 을 사용하였다.

에 접속하면 문제가 풀린다.

https://modsec.rubiya.kr/chall/death_0128e8a86066ca4f148444f0e99f4707.php?id=%27%3C@%20or%20id%20like%20%27admi%%27%20or%20%27