All categories (133)
[Webhacking.kr] old-21 old-21 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/bonus-1/index.php/ If you enter the URL, you can see the photo below. First, Admin Login. The result of "id: admin, pw: admin" is "login fail". Second, SQL Injection. I tried SQL injection: admin' or '1'='1 Result: Wrong password. Then I tried "admin' or '1'='0". Result: Wrong password. You can see that the values you ..
[Webhacking.kr] old-20 old-20 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/code-4/// If you enter the URL, you can see the photo below. First, View Source. If you look at the code, you can see this part. function ck(){ if(lv5frm.id.value=="") { lv5frm.id.focus(); return; } if(lv5frm.cmt.value=="") { lv5frm.cmt.focus(); return; } if(lv5frm.captcha.value=="") { lv5frm.captcha.focus(); return; } ..
[Webhacking.kr] old-18 old-18 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/web-32// If you enter the URL, you can see the photo below. First, View Source. If you look at the code, you can see this part.
[Webhacking.kr] old-17 old-17 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/js-4// If you enter the URL, you can see the photo below. First, View Source. You can do it like this to get the value of "unlock": console.log(unlock); If you enter the value in the input tag, you can solve the problem.
[Webhacking.kr] old-16 old-16 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/js-3// If you enter the URL, you can see the photo below. First, View Source. If you look at the code, you can see this part. if(cd==124) location.href=String.fromCharCode(cd)+".php"; // do it! If you move to String.fromCharCode(cd)+".php", you will solve the problem. To get the value of "String.fromCharCode(124)", yo..
[Webhacking.kr] old-14 old-14 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/js-1// If you enter the URL, you can see the photo below. First, View Source. If you look at the code, you can see this part. if(ul==pw.input_pwd.value) { location.href="?"+ul*pw.input_pwd.value; } Thus, we can find the value of "ul" through this method. In conclusion, if you enter 540 in the input tag, you can sol..
[Webhacking.kr] old-13 old-13 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/web-10// If you enter the URL, you can see the photo below. This page tells you to use SQL Injection to get the Flag. Then, I tried to enter zero. Next, I tried to enter one. We can confirm that the result is changed by the input. If you enter a value other than one, the result will be zero. Through this, we can consider..
[Webhacking.kr] old-11 old-11 This problem is in webhacking.kr. URL: https://webhacking.kr/challenge/code-2// If you enter the URL, you can see the photo below. First, View Source. If you look at the code, you can see this part. You can solve the problem if the value of $val sent through the GET method matches $pat. Let's analyze the code. /[1-3][a-f]{5}_.*$_SERVER[REMOTE_ADDR].*\tp\ta\ts\ts/..