Web Security (29) 썸네일형 리스트형 [DVWA] Blind SQL Injection SQL Injection (Blind) If the web page where you want to attack doesn't print any errors and query result list, the attack from this pattern is hard to succeed. Because it doesn't provide query result data, we cannot confirm the data through attacks like a UNION query. In this case, Blind SQL Injection can usefully be used. In other words, the attack is an attack method that spills out a database.. [Webhacking.kr] old-21 old-21 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/bonus-1/index.php/ If you enter the URL, you can see the below photo. First, Admin Login The result of "id: admin, pw: admin" is login fail Second, SQL Injection I tried to SQL Injection. admin' or '1'='1 Result: Wrong password While I tried to "admin' or '1'='0". Result: Wrong password You can see that the values you .. [Webhacking.kr] old-20 old-20 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/code-4/// If you enter the URL, you can see the below photo. First, View Source If you look at the code, you can see this part. function ck(){ if(lv5frm.id.value=="") { lv5frm.id.focus(); return; } if(lv5frm.cmt.value=="") { lv5frm.cmt.focus(); return; } if(lv5frm.captcha.value=="") { lv5frm.captcha.focus(); return; } .. [Webhacking.kr] old-18 old-18 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/web-32// If you enter the URL, you can see the below photo. First, View Source If you look at the code, you can see this part. [Webhacking.kr] old-17 old-17 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/js-4// If you enter the URL, you can see the below photo. First, View Source you can do it like this to get the value of "unlock". console.log(unlock); If you enter the value on the input tag, you can solve the problem. [Webhacking.kr] old-16 old-16 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/js-3// If you enter the URL, you can see the below photo. First, View Source If you look at the code, you can see this part. if(cd==124) location.href=String.fromCharCode(cd)+".php"; // do it! If you move the String.fromCharCode(cd)+".php";, you will solve the problem. To get the value of "String.fromCharCode(124)", yo.. [Webhacking.kr] old-14 old-14 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/js-1// If you enter the URL, you can see the below photo. First, View Source If you look at the code, you can see this part. if(ul==pw.input_pwd.value) { location.href="?"+ul*pw.input_pwd.value; } Thus, we can know that the value of "ul" through this method. In conclusion, if you enter 540 in the input tag, you can sol.. [Webhacking.kr] old-13 old-13 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/web-10// If you enter the URL, you can see the below photo. This page informs that you should use SQL Injection to get the Flag. Then, I tried to enter zero. Next, I tried to enter one. we can confirm that the result is changed by the input. If you enter a non-one, the result will be zero. Through this, we can consider.. 이전 1 2 3 4 다음
