[los]troll

query : select id from prob_troll where id=''

<?php  
  include "./config.php"; 
  login_chk(); 
  $db = dbconnect(); 
  if(preg_match('/\'/i', $_GET[id])) exit("No Hack ~_~");
  if(preg_match("/admin/", $_GET[id])) exit("HeHe");
  $query = "select id from prob_troll where id='{$_GET[id]}'";
  echo "<hr>query : <strong>{$query}</strong><hr><br>";
  $result = @mysqli_fetch_array(mysqli_query($db,$query));
  if($result['id'] == 'admin') solve("troll");
  highlight_file(__FILE__);
?>

1. preg_match : '
2. preg_match : admin

※admin 소문자만 탐지함. DBMS는 문자열 비교 시 소문자 대문자 상관없음.(정확히는 타입마다 다른것으로 보임)
3. 싱글쿼터로 감싸져있어 0x61646d696e 실패

61:64:6d:69:6e

id 값이 admin인 쿼리를 불러와야함.

 

대문자 ADMIN 입력