<html>
<head>
<title>Challenge 53</title>
</head>
<body>
hello world
<br><br><br>
<?
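// Serve nothing until the Unix timestamp 1260615600 has passed.
if(time()<1260615600) exit();
// The real table name is redacted in the published source.
$hidden_table="????";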
if($_GET[answer]==$hidden_table)
{
@solve();
exit();
}
// Case-insensitive keyword/character blacklist on val; any match aborts the request.
if(eregi("union",$_GET[val])) exit();
if(eregi("select",$_GET[val])) exit();
if(eregi("from",$_GET[val])) exit();
if(eregi("/",$_GET[val])) exit();
if(eregi("\*",$_GET[val])) exit();
if(eregi("#",$_GET[val])) exit();
if(eregi("-",$_GET[val])) exit();
if(eregi(",",$_GET[val])) exit();
if(eregi("=",$_GET[val])) exit();
if(eregi("!",$_GET[val])) exit();
if(eregi("\|",$_GET[val])) exit();
if(eregi("by",$_GET[val])) exit();
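// val is interpolated into the query unquoted and unparameterized; the blacklist above is the only filter.
$f=@mysql_fetch_array(mysql_query("select test1 from $hidden_table where test2=$_GET[val]"));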
echo($f[0]);
if($f)
{
echo("<br><br><form method=get action=index.php>challenge53 TABLE NAME : <input type=text name=answer size=50><input type=submit></form>");
}
?>
<!-- index.phps -->
</body>
</html>