All category에 해당하는 글 51

웹해킹 webhacking.kr Lv.5 / 5번 / - (소스보기, 복합)

Study-security/Web-Hack|2013. 7. 7. 21:36

 http://webhacking.kr/challenge/web/web-05/


5번 문제는 admin으로 로그인을 해야 하는 문제입니다.


접속하면 아래와 같은 화면을 만나게 됩니다.




여기서 Login으로 접속하여, 로그인을 시도하면 admin으로 접속하라는 문구를 보게 됩니다.



하지만, admin으로 하면 password가 틀리다고 나옵니다.




따라서 Join을 통해 admin으로 가입해야 함을 알수 있습니다.




Join을 눌러보면 아래와 같이 접속이 불가능하다고 뜹니다.

그러나, login할때의 주소를 통해 join으로 접근하는 주소 유추 가능합니다.


그렇게 join으로 접속해 보아도 보이는건 검은 화면 뿐 입니다.



소스보기를 해 봅니다.

<html>
<title>Challenge 5</title></head><body bgcolor=black><center>
<script>
l='a';
ll='b';
lll='c';
llll='d';
lllll='e';
llllll='f';
lllllll='g';
llllllll='h';
lllllllll='i';
llllllllll='j';
lllllllllll='k';
llllllllllll='l';
lllllllllllll='m';
llllllllllllll='n';
lllllllllllllll='o';
llllllllllllllll='p';
lllllllllllllllll='q';
llllllllllllllllll='r';
lllllllllllllllllll='s';
llllllllllllllllllll='t';
lllllllllllllllllllll='u';
llllllllllllllllllllll='v';
lllllllllllllllllllllll='w';
llllllllllllllllllllllll='x';
lllllllllllllllllllllllll='y';
llllllllllllllllllllllllll='z';
I='1';
II='2';
III='3';
IIII='4';
IIIII='5';
IIIIII='6';
IIIIIII='7';
IIIIIIII='8';
IIIIIIIII='9';
IIIIIIIIII='0';
li='.';ii='<';iii='>';lIllIllIllIllIllIllIllIllIllIl=lllllllllllllll+llllllllllll+llll+llllllllllllllllllllllllll+lllllllllllllll+lllllllllllll+ll+lllllllll+lllll;

lIIIIIIIIIIIIIIIIIIl=llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+lll+lllllllllllllll+lllllllllllllll+lllllllllll+lllllllll+lllll;

if(eval(lIIIIIIIIIIIIIIIIIIl).indexOf(lIllIllIllIllIllIllIllIllIllIl)==-1)
{bye;}

if(eval(llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+'U'+'R'+'L').indexOf(lllllllllllll+lllllllllllllll+llll+lllll+'='+I)==-1){

alert('access_denied');history.go(-1);

}

else

{

document.write('<font size=2 color=white>Join</font><p>');

document.write('.<p>.<p>.<p>.<p>.<p>');

document.write('<form method=post action='+llllllllll+lllllllllllllll+lllllllll+llllllllllllll+li+llllllllllllllll+llllllll+llllllllllllllll+'>');

document.write('<table border=1><tr><td><font color=gray>id</font></td><td><input type=text name='+lllllllll+llll+' maxlength=5></td></tr>');

document.write('<tr><td><font color=gray>pass</font></td><td><input type=text name='+llllllllllllllll+lllllllllllllllllllllll+' maxlength=10></td></tr>');

document.write('<tr align=center><td colspan=2><input type=submit></td></tr></form></table>');

}

</script>
</body>
</html>


굉장히 난독화 되어있습니다.


요소 검사(Chrome 기준 오른클릭 이후 맨 아래쯤에 있습니다.)의 Console을 활용 혹은, 메모장등을 이용하여 난독화된 부분들을 해석하고, 조건을 맞춰주면 가입창을 볼수 있습니다.




하지만, admin으로 가입하려 하면 이미 있는 아이디라 뜹니다.




공백문자등을 이용하려 하지만, 5글자 제한이 있습니다.

paros 등 웹프록시툴을 이용하여 수정하면, 5글자 제한을 벗어나 id수정이 가능해집니다.



댓글()