๋ณธ๋ฌธ ๋ฐ”๋กœ๊ฐ€๊ธฐ
๋ฐ˜์‘ํ˜•

UNION1

[Dreamhack] Level1: baby-union ๐Ÿ›Ž๏ธ Access ๋กœ๊ทธ์ธ ์‹œ ๊ณ„์ •์˜ ์ •๋ณด๊ฐ€ ์ถœ๋ ฅ๋˜๋Š” ์›น ์„œ๋น„์Šค์ž…๋‹ˆ๋‹ค. SQL INJECTION ์ทจ์•ฝ์ ์„ ํ†ตํ•ด ํ”Œ๋ž˜๊ทธ๋ฅผ ํš๋“ํ•˜์„ธ์š”. ๋ฌธ์ œ์—์„œ ์ฃผ์–ด์ง„ init.sql ํŒŒ์ผ์˜ ํ…Œ์ด๋ธ”๋ช…๊ณผ ์ปฌ๋Ÿผ๋ช…์€ ์‹ค์ œ ์ด๋ฆ„๊ณผ ๋‹ค๋ฆ…๋‹ˆ๋‹ค. _ ํ”Œ๋ž˜๊ทธ ํ˜•์‹์€ DH{...} ์ž…๋‹ˆ๋‹ค ๐Ÿ‘พ Exploit Algorithm & Payload > app.py ๋”๋ณด๊ธฐ import os from flask import Flask, request, render_template from flask_mysqldb import MySQL app = Flask(__name__) app.config['MYSQL_HOST'] = os.environ.get('MYSQL_HOST', 'localhost') app.config['MYSQL_USER'] = os.e.. 2024. 2. 2.
๋ฐ˜์‘ํ˜•

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”