Lee-GyuHyeok

I study security and share my knowledge.

Recent posts

(bWAPP)Reflected (User-Agent)

μ΄μ „μ˜ Referer λ¬Έμ œμ™€ λ™μΌν•˜κ²Œ User-Agent ν—€λ”μ˜ 값이 νŽ˜μ΄μ§€ 내에 κ³ μŠ€λž€νžˆ 좜λ ₯되고 μžˆλ‹€. 이 λ˜ν•œ Request 값을 κ°€λ‘œμ±„ μš”μ²­ ν—€λ”μ˜ 값을 λ³€μ‘°ν•˜λ©΄ μŠ€ν¬λ¦½νŠΈκ°€ μ‹€ν–‰λœλ‹€. User-Agent: <script>alert(1)</s...

(bWAPP)Reflected (Referer)

νŽ˜μ΄μ§€ 내에 Referer ν—€λ”μ˜ 값이 κ³ μŠ€λž€νžˆ 좜λ ₯되고 μžˆλ‹€. λ²„ν”„μŠ€μœ„νŠΈμ™€ 같은 도ꡬλ₯Ό μ‚¬μš©ν•˜μ—¬ Request 값을 κ°€λ‘œμ±„ 헀더 값을 λ³€μ‘°ν•˜κ²Œ 되면 μŠ€ν¬λ¦½νŠΈκ°€ λ°œμƒν•œλ‹€. Referer: <script>alert(1)</script> ...

(bWAPP)XSS - Reflected (Login Form)

둜그인 κΈ°λŠ₯이 κ΅¬ν˜„λ˜μ–΄ μžˆλŠ” νŽ˜μ΄μ§€μ΄λ‹€. superhero λΌλŠ” 유둜 자격증λͺ…을 ν•˜λΌλŠ” κ±° κ°™μ§€λ§Œ, superhero λΌλŠ” μœ μ €λŠ” μ‘΄μž¬ν•˜μ§€ μ•ŠλŠ”λ‹€. ’ μž…λ ₯μ‹œ DBMS Errorκ°€ λ°œμƒν•˜κ²Œ λœλ‹€. ν•΄λ‹Ή μ‹œλ‚˜λ¦¬μ˜€μ—μ„œ sqli 취약점도 ν•¨κ»˜ μ‘΄μž¬ν•œλ‹€. ...

Boiler CTF - WriteUP

ν•΄λ‹Ή λ¬Έμ œλŠ” https://tryhackme.com/r/room/boilerctf2 μ—μ„œ 확인할 수 μžˆμŠ΅λ‹ˆλ‹€. Boiler CTF μ‹œμŠ€ν…œ λͺ¨μ˜ 침투 μˆ˜ν–‰ λ‚΄μš© 정보 μˆ˜μ§‘ joomla CMS 확인 μΆ”κ°€ λΆ€λ₯΄νŠΈν¬μ‹±μ„ ν†΅ν•œ _test 경둜 확인 sar2html μ‚¬μš©...