이동현 Donghyun Lee

Welcome!
Wargame
CTF
- AlexCTF 2017
  - [Crypto] CR3: What is this encryption?
  - [Crypto] CR4: Poor RSA
- BSides San Francisco CTF 2017
  - [Crypto] []root
project
- How to Find Container Platform Escape Bug
Donghyun's Lifelog

Powered by GitBook

On this page

Was this helpful?

Wargame

Lord of SQLInjection

dragon

Previousxavis Nextiron_golem

Last updated 4 years ago

첫 화면이다.

https://los.rubiya.kr/chall/dragon_51996aa769df79afbf79eb4d66dbcef6.php?pw=%27%0a%20and%200%20or%20id=%27admin 에 접속하면 문제가 풀린다.

pw에 '%0a and 0 or id-'admin 을 넣은 셈이다.‌‌

주석인 # 을 우회해 조건을 추가하기 위해 {NEW_LINE}을 나타내는 %0a 를 사용하였다.