까만 배경에 Login 버튼과 Join 버튼이 보인다.
Join 버튼을 누르면 Access_Denied 라는 문자열을 담은 알림창이 뜬다.
Login 버튼을 눌렀을 때 나타나는 첫 화면이다.
아이디와 비밀번호를 입력하는 화면이 뜬다.
주소창을 보니 항상 뜨던 webhacking.kr/challenge/web-05/ 주소 뒤에 mem이라는 디렉토리가 있는 것을 발견했다.
들어갈 수 없었던 Join 페이지를 확인하기 위해 join.php를 눌렀다.
그 결과 bye라는 문자열을 띄워줬고
join.php에 성공적으로 들어오게 되었다.
하지만 검은 배경에 아무런 글자가 적혀있지 않았다.
<html>
<title>Challenge 5</title></head><body bgcolor=black><center>
<script>
l='a';ll='b';lll='c';llll='d';lllll='e';llllll='f';lllllll='g';llllllll='h';lllllllll='i';llllllllll='j';lllllllllll='k';llllllllllll='l';lllllllllllll='m';llllllllllllll='n';lllllllllllllll='o';llllllllllllllll='p';lllllllllllllllll='q';llllllllllllllllll='r';lllllllllllllllllll='s';llllllllllllllllllll='t';lllllllllllllllllllll='u';llllllllllllllllllllll='v';lllllllllllllllllllllll='w';llllllllllllllllllllllll='x';lllllllllllllllllllllllll='y';llllllllllllllllllllllllll='z';I='1';II='2';III='3';IIII='4';IIIII='5';IIIIII='6';IIIIIII='7';IIIIIIII='8';IIIIIIIII='9';IIIIIIIIII='0';li='.';ii='<';iii='>';lIllIllIllIllIllIllIllIllIllIl=lllllllllllllll+llllllllllll+llll+llllllllllllllllllllllllll+lllllllllllllll+lllllllllllll+ll+lllllllll+lllll;
lIIIIIIIIIIIIIIIIIIl=llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+lll+lllllllllllllll+lllllllllllllll+lllllllllll+lllllllll+lllll;if(eval(lIIIIIIIIIIIIIIIIIIl).indexOf(lIllIllIllIllIllIllIllIllIllIl)==-1) {alert('bye');throw "stop";}if(eval(llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+'U'+'R'+'L').indexOf(lllllllllllll+lllllllllllllll+llll+lllll+'='+I)==-1){alert('access_denied');throw "stop";}else{document.write('<font size=2 color=white>Join</font><p>');document.write('.<p>.<p>.<p>.<p>.<p>');document.write('<form method=post action='+llllllllll+lllllllllllllll+lllllllll+llllllllllllll+li+llllllllllllllll+llllllll+llllllllllllllll
+'>');document.write('<table border=1><tr><td><font color=gray>id</font></td><td><input type=text name='+lllllllll+llll+' maxlength=20></td></tr>');document.write('<tr><td><font color=gray>pass</font></td><td><input type=text name='+llllllllllllllll+lllllllllllllllllllllll+'></td></tr>');document.write('<tr align=center><td colspan=2><input type=submit></td></tr></form></table>');}
</script>
</body>
</html>
페이지 소스보기를 통해 소스코드를 확인한 결과,
알파벳과 숫자를 나타내는 표현 방식이 있다는 것을 알 수 있었고
콘솔 창을 통해 해석해본 결과,
대략 document.cookie에 oldzombie라는 문자열이 없거나, document.URL에 mode=1라는 문자열이 없으면 bye 된다는 뜻이다.
oldzombie 라는 내용을 가진 쿠키(new)를 생성해 준 후, url에 ?mode=1을 추가하여 해당 페이지로 접속해본다.
안 보이던 join.php 화면이 보이기 시작했다.
아이디 패스워드 모두 test로 가입한 후
로그인을 해보니 .. admin으로 로그인을 해야한다고 뜬다.
아이디를 admin으로 한 결과, 중복되는 결과라고 뜬다.
따라서 앞에 공백을 5개 준 후 join 해보니 성공적으로 가입이 되었다.
그리고 나서 다시 login
'WEB > WEB Hacking' 카테고리의 다른 글
| [Webhacking.kr] Challenge(old) 7번 풀이 (0) | 2021.05.08 |
|---|---|
| [Webhacking.kr] Challenge(old) 6번 풀이 (0) | 2021.05.07 |
| [Webhacking.kr] Challenge(old) 4번 풀이 (0) | 2021.05.06 |
| [Webhacking.kr] Challenge(old) 3번 풀이 (0) | 2021.05.04 |
| [Webhacking.kr] Challenge(old)1번 풀이 (0) | 2021.05.04 |