목록WEB_HACKING (112)

웹찢남

Orc-writeup

include "./config.php";   login_chk();   $db = dbconnect();   if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~");   $query = "select id from prob_orc where id='admin' and pw='{$_GET[pw]}'";   echo "query : {$query}";   $result = @mysqli_fetch_array(mysqli_query($db,$query));   if($result['id']) echo "Hello admin";      $_GET[pw] = addslashes($_GET[pw]);   $query = "select pw from..
WEB_HACKING/los.rubiya.kr 2019. 12. 27. 20:58
Goblin-writeup

include "./config.php";   login_chk();   $db = dbconnect();   if(preg_match('/prob|_|\.|\(\)/i', $_GET[no])) exit("No Hack ~_~");   if(preg_match('/\'|\"|\`/i', $_GET[no])) exit("No Quotes ~_~");   $query = "select id from prob_goblin where id='guest' and no={$_GET[no]}";   echo "query : {$query}";   $result = @mysqli_fetch_array(mysqli_query($db,$query));   if($result['id']) echo "Hello {$resul..
WEB_HACKING/los.rubiya.kr 2019. 12. 27. 20:52
Cobolt-writeup

include "./config.php";   login_chk();  $db = dbconnect();  if(preg_match('/prob|_|\.|\(\)/i', $_GET[id])) exit("No Hack ~_~");   if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~");   $query = "select id from prob_cobolt where id='{$_GET[id]}' and pw=md5('{$_GET[pw]}')";   echo "query : {$query}";   $result = @mysqli_fetch_array(mysqli_query($db,$query));   if($result['id'] == 'a..
WEB_HACKING/los.rubiya.kr 2019. 12. 27. 20:45
gremlin -writeup

include "./config.php";  login_chk();  $db = dbconnect();  if(preg_match('/prob|_|\.|\(\)/i', $_GET[id])) exit("No Hack ~_~"); // do not try to attack another table, database!  if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~");  $query = "select id from prob_gremlin where id='{$_GET[id]}' and pw='{$_GET[pw]}'";  echo "query : {$query}";  $result = @mysqli_fetch_array(mysqli_quer..
WEB_HACKING/los.rubiya.kr 2019. 12. 27. 20:42
Prev 1 ··· 16 17 18 19 Next