Archive for Dev. (junyup2)

์ง€์‹์„ ์ฑ„์›Œ๊ฐ€๋Š” ใ€Ž๊ฐœ๋ฐœ์ž/ํ™”์ดํŠธํ•ด์ปคใ€๋ฅผ ๋ชฉํ‘œ๋กœ ์ •๋ฆฌํ•˜๋Š” ๋ธ”๋กœ๊ทธ

extractvalue 1
[DVWA] SQL Injection (Error Based)

Vulnerability: SQL InjectionError Based SQL Injection์„ ์ด์šฉํ•˜์—ฌ DB ๋‚ด๋ถ€์˜ ๋ฐ์ดํ„ฐ๋ฅผ ์กฐํšŒํ•˜๋Š” ๊ฒƒ์„ ๋ชฉ์ ์œผ๋กœ ํ•œ๋‹ค.DVWA SQL Injection ์‹ค์Šต์‹ค์Šต ํ™˜๊ฒฝ- Windows Docker๋ฅผ ์ด์šฉํ•œ DVWA- Windows ํ™˜๊ฒฝ์˜ Burp SuiteSecurity Level: LowLow ๋ ˆ๋ฒจ์˜ ๊ฒฝ์šฐ ์ž…๋ ฅ๊ฐ’์— ๋Œ€ํ•˜์—ฌ ์—๋Ÿฌ๊ฐ€ ๋ฐœ์ƒํ•˜๋Š” ๊ฒฝ์šฐ, ์—๋Ÿฌ ๋ฉ”์‹œ์ง€์— ์—๋Ÿฌ์— ๋Œ€ํ•œ ์ •๋ณด๋ฅผ ๊ทธ๋Œ€๋กœ ์ถœ๋ ฅํ•ด์ฃผ๊ณ  ์žˆ๋‹ค.์ด๋ฅผ ์ด์šฉํ•˜์—ฌ Error Based SQLi ๋ฅผ ์‹œ๋„ํ•ด๋ณธ๋‹ค.$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '' . ((is_object($GLOBALS["___mysqli_sto..
Practice/DVWA 2024.04.12
1
๋”๋ณด๊ธฐ

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”