Webhacking.kr write-up: old-27
| Link | point | tag |
|---|---|---|
| old-27 | 150 | SQLi |
Welcome back to another good SQLi challenge by webhacking.kr.
Let’s check the source code.
Look like we have some filters and SQL query on the script. Judging on the query, one might think the proper URL based SQLi payload should be like this
?no=2) or id='admin'--
Since the space character (x20) and equal (=) sign has been filtered out, we need to think another way. The possible way we are talking about is using the wildcard (LIKE) such that
?no=2) or no like 2--
Meanwhile the space character can be by passed using Tab key (x09)
?no=2)%09or%09no%09like%092--%09
Space after two dashes (–) is required for some SQL database
Thanks for reading. Follow my twitter for latest update
If you like this post, consider a small donation. Much appreciated. :)