\u30dc\u30fc\u30ca\u30b9\u554f\u984c\u4ee5\u5916\u304c\u89e3\u3051\u3066\u5b09\u3057\u304b\u3063\u305f\u306e\u3067\u8abf\u5b50\u306b\u4e57\u3063\u3066\u66f8\u3044\u3066\u307f\u308b\u3002
\n\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3068\u304b\u64ae\u3063\u3066\u306a\u304b\u3063\u305f\u306e\u3067\u6587\u5b57\u3067\u66f8\u304f\u3060\u3051\u3002<\/p>\n
<\/p>\n
\u9069\u5f53\u306b\u30e6\u30fc\u30b6\u540d\u3092\u5165\u308c\u3066\u30ed\u30b0\u30a4\u30f3\u30dc\u30bf\u30f3\u3092\u62bc\u3059\u3068\/welcome\u306b\u98db\u3070\u3055\u308c\u3066\u30ed\u30b0\u30a4\u30f3\u6210\u529f\u3068\u51fa\u308b\u304c\u3001key\u306fadmin\u3060\u3051\u3088\u3068\u8a00\u308f\u308c\u308b\u3002
\n\u305d\u3053\u3067\u30e6\u30fc\u30b6\u540d\u306badmin\u3068\u5165\u308c\u3066\u30ed\u30b0\u30a4\u30f3\u30dc\u30bf\u30f3\u3092\u62bc\u3059\u3068\u3001admin\u3067\u306f\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u307e\u305b\u3093\u3068\u51fa\u308b\u3002<\/p>\n
admin\u4ee5\u5916\u306e\u30e6\u30fc\u30b6\u540d\u3092\u5165\u308c\u3066\u30ed\u30b0\u30a4\u30f3\u6210\u529f\u3057\u305f\u5834\u5408\u3001Cookie\u304c\u30bb\u30c3\u30c8\u3055\u308c\u308b\u3002
\n\u898b\u3066\u307f\u308b\u3068\u3001username=xxxxxxxx\u3068\u306a\u3063\u3066\u304a\u308a\u3001xxxxxxxx\u306e\u90e8\u5206\u306b\u306f\u5165\u529b\u3057\u305f\u30e6\u30fc\u30b6\u540d\u306e\u6587\u5b57\u6570x2\u6587\u5b57\u306e\u6587\u5b57\u5217\u304c\u5165\u3063\u3066\u304a\u308a\u30012\u6587\u5b57\u3067\u30e6\u30fc\u30b6\u540d1\u6587\u5b57\u5206\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u308b\u3068\u63a8\u6e2c\u3067\u304d\u308b\u3002
\n\u30e6\u30fc\u30b6\u540d\u3092\u3044\u308d\u3044\u308d\u3068\u5909\u3048\u3066\u3084\u3063\u3066\u307f\u308b\u3068\u3001\u30e6\u30fc\u30b6\u540d\u306en\u6587\u5b57\u76ee\u3068xxxxxxxx\u306e\u5bfe\u5fdc\u3059\u308b\u90e8\u5206\u306e\u5bfe\u5fdc\u30eb\u30fc\u30eb\u306f\u56fa\u5b9a\u3067\u3042\u308b\u3053\u3068\u304c\u308f\u304b\u308b\u306e\u3067\u3001\u4e00\u5ea6\u30e6\u30fc\u30b6\u540d\u3092admini\u306b\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u30dc\u30bf\u30f3\u3092\u62bc\u3057\u305f\u5f8c\u3001Cookie\u306eusername\u306e\u90e8\u5206\u306e\u5f8c\u308d2\u6587\u5b57\u3092\u524a\u3063\u3066(‘admin’\u306b\u5bfe\u5fdc\u3059\u308b\u6587\u5b57\u5217\u306b\u3057\u3066)\u304b\u3089\/welcome\u306b\u79fb\u52d5\u3059\u308b\u3068admin\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u305f\u3053\u3068\u306b\u306a\u308a\u3001key\u304c\u8868\u793a\u3055\u308c\u308b\u3002<\/p>\n
\u9069\u5f53\u306busername\u3068password\u3092\u5165\u308c\u3066\u30ed\u30b0\u30a4\u30f3\u30dc\u30bf\u30f3\u3092\u62bc\u3059\u3068\u30ed\u30b0\u30a4\u30f3\u306b\u5931\u6557\u3059\u308b\u3002
\n\u30ec\u30b9\u30dd\u30f3\u30b9\u30d8\u30c3\u30c0\u3092\u898b\u3066\u307f\u308b\u3068\u3001X-Sql\u3068\u3044\u3046\u30d8\u30c3\u30c0\u304c\u3042\u308a\u3001SQL\u6587\u304c\u66f8\u3044\u3066\u3042\u3063\u305f\u3002<\/p>\n
\r\nX-Sql: select username from users where username='xxx' and password='yyy' limit 1;\r\n<\/pre>\n\u306f\u3044\u3001\u3068\u3044\u3046\u308f\u3051\u3067SQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3067\u3059\u306d\u3002
\nusername\u306b<\/p>\n\r\n' or 1=1;--\r\n<\/pre>\n\u306a\u3069\u3068\u5165\u308c\u308b\u3068\u3001root\u3068\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3057\u305f\u3068\u51fa\u308b\u3082\u306e\u306ekey\u306f\u51fa\u306a\u3044\u3002
\n\u3067\u306froot\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u306bkey\u304c\u3042\u308b\u3060\u308d\u3046\u3068\u601d\u3044username\u3092<\/p>\n\r\n' union select password from users where username='root';--\r\n<\/pre>\n\u3068\u3057\u3066\u307f\u3066\u3082\u300c\u6b8b\u5ff5\u3002\u305d\u308c\u306f\u9055\u3046\u300d\u3068\u51fa\u308b\u3002
\nusers\u30c6\u30fc\u30d6\u30eb\u306b\u306f\u3082\u30461\u30ec\u30b3\u30fc\u30c9(username=user)\u3042\u3063\u305f\u304c\u3001\u305d\u3061\u3089\u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3067\u3082\u306a\u3044\u3002
\n\u3067\u306fusers\u30c6\u30fc\u30d6\u30eb\u306e\u5225\u30d5\u30a3\u30fc\u30eb\u30c9\u304b\u5225\u30c6\u30fc\u30d6\u30eb\u306b\u3042\u308b\u3060\u308d\u3046\u3068\u63a8\u6e2c\u3002
\n\u3044\u308d\u3044\u308d\u8a66\u3057\u305f\u3068\u3053\u308d\u3001DB\u306fSQLite3\u3067\u3042\u308b\u3053\u3068\u304c\u5224\u660e\u3057\u305f\u306e\u3067\u3001\u4ee5\u4e0b\u306eusername\u3067\u30c6\u30fc\u30d6\u30eb\u69cb\u9020\u3092\u53d6\u5f97\u3002<\/p>\n\r\n' union select sql from sql_master where type='table' and name='users';--\r\n<\/pre>\nusername\u3068password\u3057\u304b\u30d5\u30a3\u30fc\u30eb\u30c9\u304c\u306a\u304b\u3063\u305f\u306e\u3067\u3001\u5225\u30c6\u30fc\u30d6\u30eb\u3092\u635c\u7d22\u3059\u308b\u3068\u3001keys\u3068\u3044\u3046\u30c6\u30fc\u30d6\u30eb\u304c\u3042\u3063\u305f\u306e\u3067\u3001username\u3092<\/p>\n
\r\n' union select value from keys;--\r\n<\/pre>\n\u3068\u3057\u3066key\u3092\u53d6\u5f97\u3002<\/p>\n
OMGACM (guerilla programming) 1\u00a0 – pieceofeight –<\/h2>\n
\u6307\u5b9a\u3055\u308c\u305f\u30db\u30b9\u30c8\u306btelnet\u3067\u63a5\u7d9a\u3059\u308b\u3068\u30018\u30d1\u30ba\u30eb\u306e\u76e4\u9762\u304c\u9001\u3089\u308c\u3066\u304f\u308b\u3002
\n\u9001\u4fe1\u3057\u305f\u6587\u5b57\u306b\u3088\u308a\u76e4\u9762\u304c\u5909\u5316\u3059\u308b\u3002<\/p>\n
\u3053\u306e4\u6587\u5b57\u304b\u3089\u6210\u308b\u30b7\u30fc\u30b1\u30f3\u30b9\u3092\u9001\u3063\u30668\u30d1\u30ba\u30eb\u3092\u89e3\u304f\u3002
\n\u89e3\u3051\u308b\u3068\u6b21\u306e\u554f\u984c\u304c\u9001\u3089\u308c\u3066\u304f\u308b\u3002
\n\u3053\u308c\u3092\u7e70\u308a\u8fd4\u3057\u306650\u554f\u89e3\u304f\u3068key\u304c\u9001\u3089\u308c\u3066\u304f\u308b\u304c\u3001\u6642\u9593\u5236\u9650\u304c\u3042\u308a\u3001\u89e3\u7b54\u306b\u6642\u9593\u304c\u304b\u304b\u308b\u3068\u6012\u3089\u308c\u3066\u63a5\u7d9a\u3092\u5207\u65ad\u3055\u308c\u3066\u3057\u307e\u3046\u306e\u3067\u3001\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u30b9\u30d4\u30fc\u30c9\u52dd\u8ca0\u3002<\/p>\n
A*\u6cd5\u3067\u89e3\u304f\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u81ea\u4f5c\u3057\u3088\u3046\u304b\u3068\u4e00\u6642\u306f\u601d\u3063\u305f\u304c\u3001\u81ea\u5206\u306e\u5834\u5408\u3072\u3069\u304f\u6642\u9593\u304c\u304b\u304b\u308b\u3053\u3068\u304c\u4e88\u898b\u3055\u308c\u305f\u306e\u3067\u3001\u3050\u3050\u3063\u3066\u51fa\u3066\u304d\u305f\u3053\u3061\u3089\u306e\u30b5\u30a4\u30c8<\/a>\u306b\u3042\u308b\u30b3\u30fc\u30c9\u3092\u4f7f\u308f\u305b\u3066\u3082\u3089\u3063\u305f\u3002 hack the planet!<\/p>\n","protected":false},"excerpt":{"rendered":" \u30dc\u30fc\u30ca\u30b9\u554f\u984c\u4ee5\u5916\u304c\u89e3\u3051\u3066\u5b09\u3057\u304b\u3063\u305f\u306e\u3067\u8abf\u5b50\u306b\u4e57\u3063\u3066\u66f8\u3044\u3066\u307f\u308b\u3002 \u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8\u3068\u304b\u64ae\u3063\u3066\u306a\u304b\u3063\u305f\u306e\u3067\u6587\u5b57\u3067\u66f8\u304f\u3060\u3051\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"cybocfi_hide_featured_image":"","footnotes":""},"categories":[1],"tags":[8,7],"class_list":["post-131","post","type-post","status-publish","format-standard","hentry","category-1","tag-ctf","tag-defcon"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/comments?post=131"}],"version-history":[{"count":8,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/131\/revisions"}],"predecessor-version":[{"id":141,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/posts\/131\/revisions\/141"}],"wp:attachment":[{"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/media?parent=131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/categories?post=131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/emeth.jp\/diary\/wp-json\/wp\/v2\/tags?post=131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\u51fa\u3066\u304d\u305f\u554f\u984c\u3092\u3072\u305f\u3059\u3089\u89e3\u304b\u305b\u306650\u554f\u89e3\u3044\u3066key\u3092\u53d6\u5f97\u3002<\/p>\nOMGACM (guerilla programming) 5<\/h2>\n