웹찢남

cthulhu-writeup 본문

WEB_HACKING/los.rubiya.kr

cthulhu-writeup

harry595 2020. 1. 30. 19:04

 

이번문제는 드디어 방화벽이 추가 됐다!

구글에 ModSecurity Core Rule Set bypass를 검색하니 바로 아래와 같은 사이트가 나왔다.

 

https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1181

 

Bypass the latest CRS v3.1.0 rules of SQL injection · Issue #1181 · SpiderLabs/owasp-modsecurity-crs

Type of Issue False Negative Description Per #1167, I wanna raise more FNs in this thread. Before getting into other FNs, I want to give out more information to #1167 so as to help the maintainers ...

github.com

저 링크 속에 -1'<@=1 OR {a 1}=1 OR ' 이런 bypass가 있는데 바로 갖다 쓰니 CLEAR가 됐다!

 

 

---------------------------------------------------------------------------------------------------------

<?php
  include "./welcome.php";
  include "./config.php";
  login_chk();
  $db dbconnect();
  if(preg_match('/prob|_|\.|\(\)|admin/i'$_GET[id])) exit("No Hack ~_~");
  if(preg_match('/prob|_|\.|\(\)|admin/i'$_GET[pw])) exit("No Hack ~_~");
  $query "select id from prob_cthulhu where id='{$_GET[id]}' and pw='{$_GET[pw]}'";
  echo "<hr>query : <strong>{$query}</strong><hr><br>";
  $result = @mysqli_fetch_array(mysqli_query($db,$query));
  if($result['id']) solve("cthulhu");
  highlight_file(__FILE__);
?>

문제 소스 코드

---------------------------------------------------------------------------------------------------------

 

 

 

 

 

 

 

'WEB_HACKING > los.rubiya.kr' 카테고리의 다른 글

godzilla-writeup  (0) 2020.01.30
Death-writeup  (0) 2020.01.30
Alien-writeup  (0) 2020.01.30
Zombie-writeup  (0) 2020.01.30
ouroboros-writeup  (0) 2020.01.29
'WEB_HACKING/los.rubiya.kr' Related Articles more
Comments