Archive for Dev. (junyup2)

์ง€์‹์„ ์ฑ„์›Œ๊ฐ€๋Š” ใ€Ž๊ฐœ๋ฐœ์ž/ํ™”์ดํŠธํ•ด์ปคใ€๋ฅผ ๋ชฉํ‘œ๋กœ ์ •๋ฆฌํ•˜๋Š” ๋ธ”๋กœ๊ทธ

order by 1
[DVWA] SQL Injection (Order by / Union)

Vulnerability: SQL Injection ์ฟผ๋ฆฌ๋ฌธ์˜ ๊ตฌ์กฐ๋ฅผ ํŒŒ์•…ํ•˜๊ณ , UNION SQL Injection์„ ์ ์šฉํ•˜์—ฌ DB ๋‚ด๋ถ€์˜ ๋ฐ์ดํ„ฐ๋ฅผ ์กฐํšŒํ•˜๋Š” ๊ฒƒ์„ ๋ชฉ์ ์œผ๋กœ ํ•œ๋‹ค. DVWA SQL Injection ์‹ค์Šต ์‹ค์Šต ํ™˜๊ฒฝ - Windows Docker๋ฅผ ์ด์šฉํ•œ DVWA - Windows ํ™˜๊ฒฝ์˜ Burp Suite Security Level: Low order by๋ฅผ ์ด์šฉํ•˜์—ฌ ์ปฌ๋Ÿผ(Column)์˜ ๊ฐœ์ˆ˜๋ฅผ ํ™•์ธํ•ด๋ณธ๋‹ค. Order by 1' order by 1~2 # ์œ„์™€ ๊ฐ™์ด 1~2์˜ ๊ฒฝ์šฐ ๊ฒฐ๊ณผ ๊ฐ’์ด ๋‚˜์˜จ๋‹ค. 1' order by 3 # 3์„ ์ž…๋ ฅํ•œ ๊ฒฝ์šฐ ์—๋Ÿฌ๊ฐ€ ๋ฐœ์ƒํ•˜๊ฒŒ ๋œ๋‹ค. ์ฆ‰ ์ปฌ๋Ÿผ์€ 2๊ฐœ๋ผ๋Š” ๊ฒƒ์„ ์•Œ ์ˆ˜ ์žˆ๋‹ค. ์ด์ œ UNION SQLi Process์— ๋งž์ถฐ ์ง„ํ–‰ํ•œ๋‹ค. Column ์œ„์น˜ ์ฐพ๊ธฐ ์ปฌ๋Ÿผ์˜..
Practice/DVWA 2024.04.11
1
๋”๋ณด๊ธฐ

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”