Webhacking.kr | Challenge 49

Challenge 49번 문제 페이지이다. SQL INJECTION 문제이고 level 값을 입력하게끔 되어있다. <?php include "../../config.php"; if($_GET['view_source']) view_source(); ?><html> <head> <title>Challenge 49</title> </head> <body> <h1>SQL INJECTION</h1> <form method=get> level : <input name=lv value=1><input type=submit> </form> <?php if($_GET['lv']){ $db = dbconnect(); if(preg_match("/select|or|and|\(|\)|limit|,|\/|order|cash| |\t|\'|\"/i",$_GET['lv'])) exit("no hack"); $result = mysqli_fetch_array(mysqli_query($db,"select id f...

원문링크 : Webhacking.kr | Challenge 49