I study security and share my knowledge.

Recent posts

(bWAPP)SQL Injection - Blind (SQLite) (SQLMap)

검증 둜직 Low Level μ—μ„œλŠ” λ³΄μ•ˆ λŒ€μ±…μ΄ μ μš©λ˜μ–΄ μžˆμ§€ μ•Šλ‹€. Level - Low μ•žμ„œ μ‹€μŠ΅ν•œ 일반적인 Boolean Based SQLI 이닀. ν•˜μ§€λ§Œ DBMSκ°€ SQLIte λΌλŠ” 점을 μœ μ˜ν•΄μ•Όν•œλ‹€. SQLIte의 경우 타 DBMS 와 λ‹€λ₯Έ SQL...

(bWAPP)SQL Injection (AJAX/JSON/jQuery)

검증 둜직 Low Level μ—μ„œλŠ” λ³΄μ•ˆ λŒ€μ±…μ΄ μ μš©λ˜μ–΄ μžˆμ§€ μ•Šλ‹€. Level - Low 검색창에 μž„μ˜μ˜ 문자λ₯Ό μ£Όκ³  μ „μ†‘ν•˜λŠ” 방식이 μ•„λ‹Œ λ¬Έμžμ—΄ μž…λ ₯μ‹œ μ¦‰μ‹œ λ°˜μ˜λ˜λŠ” AJAX ν˜•νƒœμ˜ 검색창이 쑴재 AjaxλŠ” 비동기식 javascript, X...

(bWAPP)SQL Injection - Stored (Blog)

검증 둜직 Low Level μ—μ„œλŠ” λ³΄μ•ˆ λŒ€μ±…μ΄ μ μš©λ˜μ–΄ μžˆμ§€ μ•Šλ‹€. Level - Low μ‚¬μš©μžμ˜ μž…λ ₯값이 DB 에 μ €μž₯된 ν›„ λΆˆλŸ¬μ™€ λ‹€μ‹œκΈˆ 좜λ ₯ν•˜λŠ” λ“― ν•˜λ‹€. μ‚¬μš©μžμ˜ μž…λ ₯값이 Entry에 μž…λ ₯λ˜λŠ” κ±Έ 확인 ν•  수 μžˆλ‹€. 이럴 경우 보톡 XSS ...

(bWAPP)SQL Injection - Blind - Boolean-Based (Python Code)

검증 둜직 Low Level μ—μ„œλŠ” λ³΄μ•ˆ λŒ€μ±…μ΄ μ μš©λ˜μ–΄ μžˆμ§€ μ•Šλ‹€. Level - Low β€˜(μ‹±κΈ€μΏΌν„°) μž…λ ₯μ‹œ Error λŠ” λ°œμƒ ν•˜μ§€λ§Œ DBMS Error 와 같이 νŠΉμ • 정보λ₯Ό 좜λ ₯ν•˜μ§€λŠ” μ•ŠλŠ”λ‹€. μž…λ ₯값을 참으둜 λ§Œλ“€λ©΄ β€œThe movie exist...

(bWAPP)Drupal SQL Injection (Drupageddon)

검증 둜직 Low Level μ—μ„œλŠ” λ³΄μ•ˆ λŒ€μ±…μ΄ μ μš©λ˜μ–΄ μžˆμ§€ μ•Šλ‹€. Level - Low CVE-2014-3794λŠ” Dryupal 7μ—μ„œ 발견된 SQL μΈμ μ…˜ μ·¨μ•½μ μœΌλ‘œ, Drupal μ›Ή μ‚¬μ΄νŠΈμ˜ λ°μ΄ν„°λ² μ΄μŠ€μ— μ›κ²©μœΌλ‘œ μ•‘μ„ΈμŠ€ν•  수 μžˆλ‹€. μ΄λŠ” views_qu...