id에선 addslashes함수로 우회가 힘들어보여 pw로 가기로 함
md5 SQL injection을 검색하니 나오는게 몇 개있음
https://cvk.posthaven.com/sql-injection-with-raw-md5-hashes
SQL injection with raw MD5 hashes (Leet More CTF 2010 injection 300)
The University of Florida Student Infosec Team competed in the Leet More CTF 2010 yesterday. It was a 24-hour challenge-based event sort of like DEFCON quals. Ian and I made the team some...
cvk.posthaven.com
md5에서 true옵션은 raw값으로 나와 SQL injection이 가능하다
클리어
'Wargame, CTF > webhacking.kr' 카테고리의 다른 글
| Webhacking.kr 38번 (0) | 2019.11.11 |
|---|---|
| Webhacking.kr 56번 (0) | 2019.11.06 |
| Webhacking.kr 10번 (0) | 2019.11.05 |
| Webhacking.kr 21번 (0) | 2019.10.28 |
| Webhacking.kr 33번 (0) | 2019.10.26 |
