war game/웹 워게임(los)22 load of sql injection umaru time based sql injection이다. 서버 응답의 시간을 기준으로 참과 거짓을 판별한다. blind sql inejction과 느낌은 비슷하다.서버가 error에 반응을 안하거나 blind sql injection으로 내가 원하는 값을 확인할 수 없을 때 사용하면 좋다. 파이썬 코드import requestsimport reimport timecustom_headers = { 'User-Agent': 'Dalvik/2.1.0', 'Host': 'los.sandbox.cash', 'Connection': 'Keep-Alive', 'Cookie': '__cfduid=ded2179a317b40c718482d2535a9b2a2b1472712358; PHPSESSID=66k4fq3sqmcuifnd96.. 2016. 9. 15. load of sql injection dark_eyes include "../config.php"; login_chk(); dbconnect(); if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~"); if(preg_match('/col|if|case|when|sleep|benchmark/i', $_GET[pw])) exit("HeHe"); $query = "select id from prob_dark_eyes where id='admin' and pw='{$_GET[pw]}'"; $result = @mysql_fetch_array(mysql_query($query)); if(mysql_error()) exit(); echo "query : {$query}"; $_.. 2016. 9. 15. load of sql injection iron_golem include "../config.php"; login_chk(); dbconnect(); if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~"); if(preg_match('/sleep|benchmark/i', $_GET[pw])) exit("HeHe"); $query = "select id from prob_iron_golem where id='admin' and pw='{$_GET[pw]}'"; $result = @mysql_fetch_array(mysql_query($query)); if(mysql_error()) exit(mysql_error()); echo "query : {$query}"; $_GET.. 2016. 9. 15. load of sql injection dragon include "../config.php"; login_chk(); dbconnect(); if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~"); $query = "select id from prob_dragon where id='guest'# and pw='{$_GET[pw]}'"; echo "query : {$query}"; $result = @mysql_fetch_array(mysql_query($query)); if($result['id']) echo "Hello {$result[id]}"; if($result['id'] == 'admin') solve("dragon"); highlight_file(.. 2016. 9. 15. 이전 1 2 3 4 ··· 6 다음