
war game/웹 워게임(los)22

Lord of SQL Injection xavis include "../config.php";   login_chk();   dbconnect();   if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~");  if(preg_match('/regex|like/i', $_GET[pw])) exit("HeHe");   $query = "select id from prob_xavis where id='admin' and pw='{$_GET[pw]}'";   echo "query : {$query}";   $result = @mysql_fetch_array(mysql_query($query));   if($result['id']) echo "Hello {$result[id]}";      $_GE.. 2016. 9. 15.
Lord of SQL Injection nightmare include "../config.php";   login_chk();   dbconnect();   if(preg_match('/prob|_|\.|\(\)|#|-/i', $_GET[pw])) exit("No Hack ~_~");   if(strlen($_GET[pw])>6) exit("No Hack ~_~");   $query = "select id from prob_nightmare where pw=('{$_GET[pw]}') and id!='admin'";   echo "query : {$query}";   $result = @mysql_fetch_array(mysql_query($query));   if($result['id']) solve("nightmare");   highlight_file(.. 2016. 9. 15.
Lord of SQL Injection succubus include "../config.php";   login_chk();   dbconnect();   if(preg_match('/prob|_|\.|\(\)/i', $_GET[id])) exit("No Hack ~_~");   if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~");   if(preg_match('/\'/i', $_GET[id])) exit("HeHe");   if(preg_match('/\'/i', $_GET[pw])) exit("HeHe");   $query = "select id from prob_succubus where id='{$_GET[id]}' and pw='{$_GET[pw]}'";   echo "query .. 2016. 9. 15.
Lord of SQL Injection zombie assassin include "../config.php";   login_chk();   dbconnect();   if(preg_match('/\\\|prob|_|\.|\(\)/i', $_GET[id])) exit("No Hack ~_~");   if(preg_match('/\\\|prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~");   if(@ereg("'",$_GET[id])) exit("HeHe");   if(@ereg("'",$_GET[pw])) exit("HeHe");   $query = "select id from prob_zombie_assassin where id='{$_GET[id]}' and pw='{$_GET[pw]}'";   echo "query : {$q.. 2016. 9. 15.