Tyojong

query : {$query}"; } $rows = mysqli_query($db,"select no,ip,email from prob_phantom where no=1 or ip='{$_SERVER[REMOTE_ADDR]}'"); echo "ipemail"; while(($result = mysqli_fetch_array($rows))){ if($result['no'] == 1) $result['email'] = "**************"; echo "{$result[ip]}".htmlentities($result[email]).""; } echo ""; $_GET[email] = addslashes($_GET[email]); $query = "select email f..

query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if(mysqli_error($db)) exit("error"); $_GET[pw] = addslashes($_GET[pw]); $query = "select pw from prob_frankenstein where id='admin' and pw='{$_GET[pw]}'"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if(($result['pw']) && ($result['pw'] == $_GET['pw'])) solve("frankenstein"); highlight_file(__FILE__);?..

query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if(preg_match('/\'|\\\/i', $_GET[id])) exit("No Hack ~_~"); if(preg_match('/\'|\\\/i', $_GET[pw])) exit("No Hack ~_~"); if($result['id']) echo "Hello {$result[id]}"; $_GET[pw] = addslashes($_GET[pw]); $query = "select pw from prob_blue_dragon where id='admin' and pw='{$_GET[pw]}'"; $result = @mysqli_fetch_array(my..

7) exit("too long string"); $no = is_numeric($_GET['no']) ? $_GET['no'] : 1; $query = "select id from prob_red_dragon where id='{$_GET['id']}' and no={$no}"; echo "query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if($result['id']) echo "Hello {$result['id']}"; $query = "select no from prob_red_dragon where id='admin'"; // if you think challenge got wrong, look co..

query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if($result['id']){ if(preg_match('/prob|_|\.|\'|\"/i', $result['id'])) exit("No Hack ~_~"); if(preg_match('/prob|_|\.|\'|\"/i', $result['pw'])) exit("No Hack ~_~"); $query2 = "select id from prob_green_dragon where id='{$result[id]}' and pw='{$result[pw]}'"; echo "query2 : {$query2}"; $result = mysqli_fe..

http://www.wechall.netidemailscore"; $rows = mysqli_query($db,$query); while(($result = mysqli_fetch_array($rows))){ if($result['id'] == "admin") $result['email'] = "**************"; echo "{$result[id]}{$result[email]}{$result[score]}"; } echo "query : {$query}"; $_GET[email] = addslashes($_GET[email]); $query = "select email from prob_evil_wizard where id='admin' and email='{$_GET[e..

idemailscore"; $rows = mysqli_query($db,$query); while(($result = mysqli_fetch_array($rows))){ if($result['id'] == "admin") $result['email'] = "**************"; echo "{$result[id]}{$result[email]}{$result[score]}"; } echo "query : {$query}"; $_GET[email] = addslashes($_GET[email]); $query = "select email from prob_hell_fire where id='admin' and email='{$_GET[email]}'"; $result = @my..

query : {$query}"; $_GET[pw] = addslashes($_GET[pw]); $query = "select pw from prob_dark_eyes where id='admin' and pw='{$_GET[pw]}'"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if(($result['pw']) && ($result['pw'] == $_GET['pw'])) solve("dark_eyes"); highlight_file(__FILE__);?> 문제 목표if(preg_match('/col|if|case|when|sleep|benchmark/i', $_GET[pw])) exit("HeHe");if, case 와 같은 조..

query : {$query}"; $_GET[pw] = addslashes($_GET[pw]); $query = "select pw from prob_iron_golem where id='admin' and pw='{$_GET[pw]}'"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if(($result['pw']) && ($result['pw'] == $_GET['pw'])) solve("iron_golem"); highlight_file(__FILE__);?> 문제 목표if(preg_match('/sleep|benchmark/i', $_GET[pw])) exit("HeHe");sleep과 benchmark가 필터링되므로 time ..

query : {$query}"; $result = @mysqli_fetch_array(mysqli_query($db,$query)); if($result['id']) echo "Hello {$result[id]}"; if($result['id'] == 'admin') solve("dragon"); highlight_file(__FILE__); ?> 문제 목표$query = "select id from prob_dragon where id='guest'# and pw='{$_GET[pw]}'";where문 id값 뒤에는 주석처리가 된다.if($result['id'] == 'admin') solve("dragon");id가 admin이면 문제가 해결된다. 문제 해결#은 mysql에서 한 줄 주..