[Level 18]Lord of SQL injection – nightmare

Lord of SQL injection – nightmare Level 18 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(preg_match(‘/prob|_|\.|\(\)|#|-/i’, $_GET[pw])) exit(“No Hack ~_~”); if(strlen($_GET[pw])>6) exit(“No Hack ~_~”); $query = “select id from prob_nightmare where pw=(‘{$_GET[pw]}’) and id!=’admin'”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[‘id’]) solve(“nightmare”); highlight_file(__FILE__); ?> Analyse http://los.sandbox.cash/nightmare-~~.php?pw=123 이라고 입력하게 되면 select id from prob_nightmare where pw=(‘123’) and …

[Level 17]Lord of SQL injection – succubus

Lord of SQL injection – succubus Level 17 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(preg_match(‘/prob|_|\.|\(\)/i’, $_GET[id])) exit(“No Hack ~_~”); if(preg_match(‘/prob|_|\.|\(\)/i’, $_GET[pw])) exit(“No Hack ~_~”); if(preg_match(‘/\’/i’, $_GET[id])) exit(“HeHe”); if(preg_match(‘/\’/i’, $_GET[pw])) exit(“HeHe”); $query = “select id from prob_succubus where id='{$_GET[id]}’ and pw='{$_GET[pw]}'”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[‘id’]) solve(“succubus”); highlight_file(__FILE__); ?> Analyse http://los.sandbox.cash/succubus-~~.php?id=user&pw=123 이라고 입력하게 …

[Level 16]Lord of SQL injection – zombie_assassin

Lord of SQL injection – zombie_assassin Level 16 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(preg_match(‘/\\\|prob|_|\.|\(\)/i’, $_GET[id])) exit(“No Hack ~_~”); if(preg_match(‘/\\\|prob|_|\.|\(\)/i’, $_GET[pw])) exit(“No Hack ~_~”); if(@ereg(“‘”,$_GET[id])) exit(“HeHe”); if(@ereg(“‘”,$_GET[pw])) exit(“HeHe”); $query = “select id from prob_zombie_assassin where id='{$_GET[id]}’ and pw='{$_GET[pw]}'”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[‘id’]) solve(“zombie_assassin”); highlight_file(__FILE__); ?> Analyse http://los.sandbox.cash/zombie_assassin-~~.php?id=user&pw=123 이라고 입력하게 되면 select …

[Level 15]Lord of SQL injection – assassin

Lord of SQL injection – assassin Level 15 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(preg_match(‘/\’/i’, $_GET[pw])) exit(“No Hack ~_~”); $query = “select id from prob_assassin where pw like ‘{$_GET[pw]}'”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[‘id’]) echo “<h2>Hello {$result[id]}</h2>”; if($result[‘id’] == ‘admin’) solve(“assassin”); highlight_file(__FILE__); ?> Analyse http://los.sandbox.cash/assassin-~~.php?pw=123 이라고 입력하게 되면 select 1234 from prob_assassin …

[Level 14]Lord of SQL injection – giant

Lord of SQL injection – giant Level 14 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(strlen($_GET[shit])>1) exit(“No Hack ~_~”); if(preg_match(‘/ |\n|\r|\t/i’, $_GET[shit])) exit(“HeHe”); $query = “select 1234 from{$_GET[shit]}prob_giant where 1”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[1234]) solve(“giant”); highlight_file(__FILE__); ?> Analyse http://los.sandbox.cash/giant-~~.php?shit=A 이라고 입력하게 되면 select 1234 fromAprob_giant where 1과 같이 MySQL 쿼리문이 입력된다. 그리고 …

[Level 13]Lord of SQL injection – bugbear

Lord of SQL injection – bugbear Level 13 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(preg_match(‘/prob|_|\.|\(\)/i’, $_GET[no])) exit(“No Hack ~_~”); if(preg_match(‘/\’/i’, $_GET[pw])) exit(“HeHe”); if(preg_match(‘/\’|substr|ascii|=|or|and| |like|0x/i’, $_GET[no])) exit(“HeHe”); $query = “select id from prob_bugbear where id=’guest’ and pw='{$_GET[pw]}’ and no={$_GET[no]}”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[‘id’]) echo “<h2>Hello {$result[id]}</h2>”; $_GET[pw] = addslashes($_GET[pw]); $query = …

[Level 12]Lord of SQL injection – darkknight

Lord of SQL injection – darkknight Level 12 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(preg_match(‘/prob|_|\.|\(\)/i’, $_GET[no])) exit(“No Hack ~_~”); if(preg_match(‘/\’/i’, $_GET[pw])) exit(“HeHe”); if(preg_match(‘/\’|substr|ascii|=/i’, $_GET[no])) exit(“HeHe”); $query = “select id from prob_darkknight where id=’guest’ and pw='{$_GET[pw]}’ and no={$_GET[no]}”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[‘id’]) echo “<h2>Hello {$result[id]}</h2>”; $_GET[pw] = addslashes($_GET[pw]); $query = “select …

[Level 11]Lord of SQL injection – golem

Lord of SQL injection – golem Level 11 Source Code <?php include “../config.php”; login_chk(); dbconnect(); if(preg_match(‘/prob|_|\.|\(\)/i’, $_GET[pw])) exit(“No Hack ~_~”); if(preg_match(‘/or|and|substr\(|=/i’, $_GET[pw])) exit(“HeHe”); $query = “select id from prob_golem where id=’guest’ and pw='{$_GET[pw]}'”; echo “<hr>query : <strong>{$query}</strong><hr><br>”; $result = @mysql_fetch_array(mysql_query($query)); if($result[‘id’]) echo “<h2>Hello {$result[id]}</h2>”; $_GET[pw] = addslashes($_GET[pw]); $query = “select pw from prob_golem where id=’admin’ …