Solution
I have accounts. but, it's blocked.
can you login bypass filtering?
<?php
if (isset($_GET['view-source'])) {
    show_source(__FILE__);
    exit();
}
/*
create table user(
 idx int auto_increment primary key,
 id char(32),
 ps char(32)
);
*/
if(isset($_POST['id']) && isset($_POST['ps'])){
    include("../lib.php"); # include for auth_code function.
    mysql_connect("localhost","login_filtering","login_filtering_pz");
    mysql_select_db ("login_filtering");
    mysql_query("set names utf8");
    $key = auth_code("login filtering");
    $id = mysql_real_escape_string(trim($_POST['id']));
    $ps = mysql_real_escape_string(trim($_POST['ps']));
    $row=mysql_fetch_array(mysql_query("select * from user where id='$id' and ps=md5('$ps')"));
    if(isset($row['id'])){
        if($id=='guest' || $id=='blueh4g'){
            echo "your account is blocked";
        }else{
            echo "login ok"."<br />";
            echo "Password : ".$key;
        }
    }else{
        echo "wrong..";
    }
}
?>
<!--
you have blocked accounts.
guest / guest
blueh4g / blueh4g1234ps
-->
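... The SQL comparison on id simply does not distinguish upper and lower case, while the PHP check against the blocked names does, so taking advantage of that difference solves the challenge.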
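The mismatch behind that sentence, next to a check that closes it, as an added example that is not part of the original post or the challenge source. It assumes SQLite in memory with `COLLATE NOCASE` as a stand-in for MySQL's default case-insensitive collation; the `alice` account and the functions `fetch_user`, `login_original` and `login_hardened` are hypothetical names.

```php
<?php
// Added example: SQLite in memory stands in for the challenge's MySQL table.
// COLLATE NOCASE mimics MySQL's default case-insensitive collation (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (idx INTEGER PRIMARY KEY AUTOINCREMENT,
           id CHAR(32) COLLATE NOCASE, ps CHAR(32))");
$ins = $db->prepare("INSERT INTO user (id, ps) VALUES (?, ?)");
$ins->execute(['guest', md5('guest')]);                 // blocked account from the page
$ins->execute(['alice', md5('constructed-password')]);  // constructed, not blocked

const BLOCKED = ['guest', 'blueh4g'];

// Same lookup as the challenge query, written with bound parameters.
function fetch_user(PDO $db, string $id, string $ps) {
    $q = $db->prepare("SELECT * FROM user WHERE id = ? AND ps = ?");
    $q->execute([trim($id), md5(trim($ps))]);
    return $q->fetch(PDO::FETCH_ASSOC);   // false when no row matches
}

// Check as written in the challenge: case-sensitive comparison of the raw input,
// although the query above matched the id case-insensitively.
function login_original(PDO $db, string $id, string $ps): string {
    $row = fetch_user($db, $id, $ps);
    if ($row === false) return 'wrong..';
    return in_array(trim($id), BLOCKED, true) ? 'blocked' : 'login ok';
}

// Hardened check: decide on the id the database returned, folded to one case,
// so the block list is evaluated under the same rule the query used.
function login_hardened(PDO $db, string $id, string $ps): string {
    $row = fetch_user($db, $id, $ps);
    if ($row === false) return 'wrong..';
    return in_array(strtolower($row['id']), BLOCKED, true) ? 'blocked' : 'login ok';
}

$cases = [['guest', 'guest'], ['Guest', 'guest'], ['alice', 'constructed-password']];
foreach ($cases as [$id, $ps]) {
    printf("%-6s original=%-8s hardened=%s\n", $id,
        login_original($db, $id, $ps), login_hardened($db, $id, $ps));
}
```

Giving the `id` column a binary (case-sensitive) collation is the other way to make the query and the application check agree.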