반응형 분류 전체보기151 load of sql injection dragon include "../config.php"; login_chk(); dbconnect(); if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~"); $query = "select id from prob_dragon where id='guest'# and pw='{$_GET[pw]}'"; echo "query : {$query}"; $result = @mysql_fetch_array(mysql_query($query)); if($result['id']) echo "Hello {$result[id]}"; if($result['id'] == 'admin') solve("dragon"); highlight_file(__.. 2016. 9. 15. load of sql injection xavis include "../config.php"; login_chk(); dbconnect(); if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~"); if(preg_match('/regex|like/i', $_GET[pw])) exit("HeHe"); $query = "select id from prob_xavis where id='admin' and pw='{$_GET[pw]}'"; echo "query : {$query}"; $result = @mysql_fetch_array(mysql_query($query)); if($result['id']) echo "Hello {$result[id]}"; $_GE.. 2016. 9. 15. load of sql injection nightmare include "../config.php"; login_chk(); dbconnect(); if(preg_match('/prob|_|\.|\(\)|#|-/i', $_GET[pw])) exit("No Hack ~_~"); if(strlen($_GET[pw])>6) exit("No Hack ~_~"); $query = "select id from prob_nightmare where pw=('{$_GET[pw]}') and id!='admin'"; echo "query : {$query}"; $result = @mysql_fetch_array(mysql_query($query)); if($result['id']) solve("nightmare"); highlight_file(.. 2016. 9. 15. load of sql injection succubus include "../config.php"; login_chk(); dbconnect(); if(preg_match('/prob|_|\.|\(\)/i', $_GET[id])) exit("No Hack ~_~"); if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~"); if(preg_match('/\'/i', $_GET[id])) exit("HeHe"); if(preg_match('/\'/i', $_GET[pw])) exit("HeHe"); $query = "select id from prob_succubus where id='{$_GET[id]}' and pw='{$_GET[pw]}'"; echo "query .. 2016. 9. 15. 이전 1 ··· 31 32 33 34 35 36 37 38 다음