
Wargame/Webhacking.kr

Challenge 19

do9dark 2015. 7. 8. 15:26


There is an input form where an id can be entered, and the word admin is pre-filled in it.

Pressing the submit button displays "you are not admin", as shown below, and after 3 seconds it returns to the first page.



Trying guest just returns to the first page again; trying the value test shows "hello test", as below, and you can see that you are logged in.



Looking around for other information, a cookie named userid appears that was not there before.



userid for test:

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


Since it consists only of upper- and lowercase letters and digits, I tried Base64-decoding it. (While decoding, you can see that padding characters such as == appear at the end.)


Decoding Base64 11 times yields a string of a different form (lowercase letters and digits), shown below (160 characters).

e358efa489f58062f10dd7316b65649ee1671797c52e15f763380b45e841ec3203c7c0ace395d80182db07ae2c30f034e358efa489f58062f10dd7316b65649ed41d8cd98f00b204e9800998ecf8427e


To learn more, this time I logged in as 1 and compared the userid cookie value for 1.

Vm0wd2QyUXlWa2hWV0doVVYwZDRWVll3WkRSV01WbDNXa2M1V0ZKc2JETlhhMUpUVmpGS2RHVkVRbHBOTTBKSVdWZDRTMk14WkhGUmJVWlhWakZLU1ZadGNFSmxSbGw1VTJ0V1ZXSkhhRzlVVmxaM1ZsWmFkR1ZHV214U2JWSllWVzAxVDJGV1NuTlhiR2hhWWtaV00xcFZXbXRXTVdSelYyMTRVMkpIZHpCV2EyTXhWREZzVjFOdVVtaFNlbXhXVm0xNGQwMXNjRmhsUjBacVlrWmFlVmRyV25kV01rcEpVV3hzVjFaRmEzaFdha3BIVWpGT2RWVnNXbWxTYTNCb1YxWlNSMWxWTUhoWGJrNVlZbFZhY1ZsclpEQk9iR3hXVjJzNVZXSlZXVEpXYlhCaFZqSkZlVlJZYUZkaGExcG9WVEJhVDJOdFJraGhSazVwVmpKb1dWWXhaREJoTWtsNFUydGtXR0pHY0ZsWmJGWmhWa1pTVjFwR1RteGlSbXcxVkZaU1UxWnJNWEpXYWxwV1ZqTm9NMVpxUm1GU2JVbDZXa1p3YUdFelFrbFdWM0JIVkRKTmVGZHVVbWxTYkVwVVZteG9RMWRzV1hoYVJGSldUVlZ3TUZaV2FHOVdiVXB6VTI1T1ZtRnJTbWhXYkZwWFkxWktkRkpzVWxOaVNFSktWa1phYjFReVJrZFRXR2hZWW0xNFdGUlhOVk5rYkZweFVtdDBVMkpIVWpCWlZWcDNZVWRGZUdOSE9WZFdSVXBvVmtSS1RtVldUbkphUm1ocFZqTm9WVlp0ZUc5Uk1XUlhWMWhvV0dKRk5WUlVWbVEwVjFaV2RHUkhkR2hTVkVJMVdsVm9UMVp0U2xsVmFrNWFUVzVvVkZacVNrZFNiRkp6VkdzMVYyRXhhM2RXYWtvd1lXczFWMWRzYUZSaE1YQnhWV3hrTkdGR1duTlhibVJxWWtac00xWXlNVWRoYXpGWVZXcEdWbUpVUmtoV2FrWmhaRlpHYzFac2FGaFRSVXBKVm10U1MxUXlUWGhqUld4VllrWndjRlpxVG05a2JGcEhWbTA1VWsxWFVraFdNalZUVkd4a1NGVnNXbFZXYkZwWVZHdGFWMk15UmtoUFZtUnBWbGhDU1ZkVVFtRmpNV1IwVTJ4V1UySkdTbGhVVlZwM1lVWnJlRmRyWkdwTmF6VkhWR3hrYzFVeVNuSlRiVVpYVFZaS1VGcEVSa3BsUm1SMVUyczFWMkpJUW5oV1Z6QjRWVEZrUjJKSVNtRlNlbXh5V1d0YWQyVkdWblJrUkVKV1RXdHdTVlpYTlhkV01WbDZZVVJPV2xaWFVrZGFWM2hIWTJzeFYxcEdaRTVOUlhCT1ZteGpkMlZHV1hsVmEyUlZZbXR3YUZWcVNtOVdSbXh6VjJ0MFYxWnRVbGhXVjNNMVZXc3hWMWR1Y0ZkTmFsWlFWMVphUzFKc1RuTmhSbFpYVFRBeE5GWkdWbUZaVjFKR1RsWmFVRlp1UWxoWldIQlhVMFphU0dWSFJsWk5WbXcxVld4b2MxWnNXa1pUYkdoWFlXczFkbGxWV21GalZrcHpXa1pvVjJKclNrbFdWbVEwV1ZaWmVGTnJXbE5XUlZVNQ%3D%3D


It is shorter than the cookie for test, which shows that the cookie length is proportional to the length of the id entered. The trailing %3D is '='.

So the cookie is some value Base64-encoded 11 times, with the result URL-encoded when padding characters are present, and then set as the cookie value.

Result of decoding Base64 11 times (64 characters)

c4ca4238a0b923820dcc509a6f75849bd41d8cd98f00b204e9800998ecf8427e


I also logged in as 2 and Base64-decoded the userid cookie value for 2 for comparison (64 characters).

c81e728d9d4c2f636f067f89cc14862cd41d8cd98f00b204e9800998ecf8427e


Looking at the Base64-decoded values, d41d8cd98f00b204e9800998ecf8427e (32 characters) is appended at the end in every case; removing it leaves (number of characters entered) x 32 characters in front.

In other words, the cookie for test is the MD5 of each of t, e, s, t concatenated with d41d8cd98f00b204e9800998ecf8427e, Base64-encoded 11 times, and URL-encoded if there is a trailing '=' padding character.

md5(NULL) = d41d8cd98f00b204e9800998ecf8427e (the MD5 of an empty string)


To log in as admin, concatenate the MD5 of a, d, m, i, n with the MD5 of NULL, Base64-encode it 11 times, URL-encode it if there is a trailing '=' padding character, and set the result as the userid cookie value.


a = 0cc175b9c0f1b6a831c399e269772661

d = 8277e0910d750195b448797616e091ad

m = 6f8f57715090da2632453988d9a1501b

i = 865c0c0b4ab0e063e5caa3387c1a8741

n = 7b8b965ad4bca0e41ab51de7b31363a1

NULL = d41d8cd98f00b204e9800998ecf8427e


admin(NULL) = 0cc175b9c0f1b6a831c399e2697726618277e0910d750195b448797616e091ad6f8f57715090da2632453988d9a1501b865c0c0b4ab0e063e5caa3387c1a87417b8b965ad4bca0e41ab51de7b31363a1d41d8cd98f00b204e9800998ecf8427e


Base64_encode(admin(NULL)) x 11 (with '=' in the final result replaced by %3D)

= 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%3D


After changing the cookie value and refreshing the page, the challenge is solved.
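The cookie scheme the post reconstructs, as an added example (not code from the post or from webhacking.kr): it rebuilds and peels the userid cookie to confirm the structure against the decoded values above, shows why the format offers no protection (there is no server secret, and each character is recoverable from its own MD5 with a small lookup table), and contrasts it with an HMAC-signed cookie that a client cannot mint for another id. The server key and the HMAC token layout are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import string
import urllib.parse

ROUNDS = 11                                  # the post found eleven Base64 layers
MD5_EMPTY = hashlib.md5(b"").hexdigest()     # d41d8cd98f00b204e9800998ecf8427e


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def build_cookie(user_id: str) -> str:
    """Rebuild the userid cookie as the post infers the challenge builds it:
    md5 of every character, then md5(''), Base64 eleven times, '=' -> %3D."""
    payload = "".join(md5_hex(ch) for ch in user_id) + MD5_EMPTY
    data = payload.encode()
    for _ in range(ROUNDS):
        data = base64.b64encode(data)
    return data.decode().replace("=", "%3D")


def peel_cookie(cookie: str) -> str:
    """Undo the encoding: URL-decode, then Base64-decode eleven times."""
    data = urllib.parse.unquote(cookie).encode()
    for _ in range(ROUNDS):
        data = base64.b64decode(data)
    return data.decode()


def split_digests(hex_payload: str) -> list:
    """Cut the decoded payload into 32-character MD5 digests."""
    if len(hex_payload) % 32 != 0:
        raise ValueError("payload is not a whole number of MD5 digests")
    return [hex_payload[i:i + 32] for i in range(0, len(hex_payload), 32)]


# Every character is hashed on its own, so a table of md5(c) for all printable
# characters inverts each digest; this is why the cookie leaks the id outright.
SINGLE_CHAR = {md5_hex(c): c for c in string.printable}


def recover_id(cookie: str) -> str:
    """Read the id back out of a cookie; unknown digests become '?'."""
    digests = split_digests(peel_cookie(cookie))
    if not digests or digests[-1] != MD5_EMPTY:
        raise ValueError("trailing md5('') marker missing")
    return "".join(SINGLE_CHAR.get(d, "?") for d in digests[:-1])


# Hardened alternative (assumed design, not the challenge's): the server signs
# the id with a secret key, so a client cannot produce a cookie for another id.
SERVER_KEY = b"replace-with-a-random-server-secret"   # constructed placeholder


def sign_session(user_id: str, key: bytes = SERVER_KEY) -> str:
    tag = hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()
    return urllib.parse.quote(user_id, safe="") + "." + tag


def verify_session(token: str, key: bytes = SERVER_KEY):
    """Return the id if the tag matches, otherwise None."""
    encoded_id, _, tag = token.rpartition(".")
    user_id = urllib.parse.unquote(encoded_id)
    expected = hmac.new(key, user_id.encode(), hashlib.sha256).hexdigest()
    return user_id if hmac.compare_digest(expected, tag) else None


if __name__ == "__main__":
    for uid in ("1", "2", "test"):
        cookie = build_cookie(uid)
        print(uid, "->", peel_cookie(cookie), "| recovered:", recover_id(cookie))
    tampered = sign_session("guest").replace("guest", "admin")
    print("tampered HMAC token accepted?", verify_session(tampered) is not None)
```

Running the script prints the same 64- and 160-character hex strings the post obtained for 1, 2 and test, and shows the HMAC variant rejecting a token whose id was edited after signing; the difference is that the challenge's cookie is a pure function of the id that anyone can compute, while the signed one depends on a key the client never sees.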






+ Addendum

id=% admin

also solves the challenge.


id=%25admin

id=%%20admin

id=ad%min

id=admin%

id=admin%%

and so on.

The challenge can be solved in various other ways as well.
