zaki4649
These are the slides from the lightning talk I gave at ssmjp, held on 5/23. Some content has been added.
2. Web CTF TwitterID: tigerszk
3.
4. Web NW Internet
5. OS Web Web Web Web
6. 30Web
7. Web
:vultest
:[email protected]
:
POST /confirm.php HTTP/1.1
Host: example.jp
Cookie: PHPSESSID=xxxxxxxxxx

name=vultest&mail=vultest%40example.jp&gender=1
HTTP Response HTTP Request
8.
POST /confirm.php HTTP/1.1
Host: example.jp
Cookie: PHPSESSID=xxxxxxxxxx

name=vultest&mail=vultest%40example.jp>xss&gender=1
:vultest
:[email protected]>xss
:
HTTP Response HTTP Request ,> XSS
9.
10. Web etc
11. Proxy HTTP Response HTTP Request HTTP Response HTTP Request Proxy Proxy
12. Proxy
Burp Suite http://portswigger.net/burp/
OWASP ZAP https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Fiddler http://www.telerik.com/fiddler
Man In the Middle HTTPS
13. WebWeb DB etc IDSIPS
14.
15. Web EC LAMP CENTOS,Apache,PHP,Mysql
16.
17.
18. (^o^)
19.
20.
21.
22. DB
23.
1. ID
2.
24. SQL
25. SQL
26. Web EC
27. Web 100 http://exmple.jp?cost = 100 Web ( )
SELECT name FROM goods WHERE cost = 100 ;
SQL SQLHTTP 100 HTML .. HTTP Request HTTP Response SQL name
28. Web SQL http://exmple.jp?cost=100; DELETE FROM users Web SQL
SELECT name FROM goods WHERE cost = 100 ; DELETE FROM users ;
HTTP Request HTTP Response OS SQL WebSQLHTTP
29. Web SQL
1. SQLPrepared Statement()
2. SQL DBMS SQL
30. SQL-1- SQLSQLDBMS
SELECT * FROM member WHERE name = 'tanaka';
tanaka SQL 1
SELECT * FROM member WHERE name =''';
' SQL SQL error
31. SQL-2-
SELECT * FROM member WHERE name = 'tanaka' AND 'a' = 'a';
tanaka' AND 'a' = 'a SQL 1
SELECT * FROM member WHERE name = 'tanaka' AND 'a' = 'b';
tanaka' AND 'a' = 'b SQL 0
SELECT * FROM member WHERE name = 'tanaka' BND 'a' = 'a';
tanaka' BND 'a' = 'b SQL
32. SQL SQL abend Web(SQLMap) http://www.slideshare.net/abend_cve_9999_0001/websqlm
33. or
UPDATE member SET password = 'xxxx' WHERE id = 1;
1
UPDATE member SET password = 'xxxx' WHERE id = 1 OR 1 = 1;
id1 passwordxxxx orSQL 1 OR 1 = 1 passwordxxxx
34.
UPDATE member SET password = 'xxxx' WHERE flag = 1 AND id = 1;
1 flag1id1 passwordxxxx SQL 1; SELECT 1;-- flag1 passwordxxxx
UPDATE member SET password = 'xxxx' WHERE flag = 1; SELECT 1;-- AND id = 1;
35. SQL SQL
36.
37. HTTP '+'
38. SQL [email protected]'+' aaa@vulte'+'st.com
39. SQLSQL '+' '||' DBMS
|| Oracle, DB2, Postgre
+ SQL Server, Sybase
CONCAT() MySQL
SELECT * FROM member WHERE name = 'tan'+'aka';
SQL tan'+'aka SQL 1 SQL
40. ()
41. MySQLSQL SQLvultest SQLvultestid [email protected]
42. MySQL '+'SELECTMySQL WHERE'[email protected]'+''0
43. MySQL MySQLCONCAT()MySQL+ MySQL 0 WHEREid = 0id id 0
SQL - 3 http://blog.tokumaru.org/2013/06/sql-injection-golf-3-letters-bypass-login-authentication.html
SQL http://www.tokumaru.org/d/20090924.html
'[email protected]'+'' 0 + 0 0
44. SQL SQL
1. SQL
2. SELECTUPDATE
3. UPDATEWHEHESELECT
SELECT * FROM member WHERE id = '[email protected]' AND birthday = 1999523;
UPDATE vultest SET password = '' WHERE id = '[email protected]';
[email protected] 1999523
45.
SELECT * FROM member WHERE id = '[email protected]'+'' AND birthday = 1999523;
UPDATE member SET password = '' WHERE id = '[email protected]'+'';
[email protected]'+' 1999523 birthday 1999523 Web
46. MySQL'+''||' MySQL|| MySQL orz...SQL
T.Terada - SQL http://d.hatena.ne.jp/teracc/20090531
abentWebMySQL || Web http://www.slideshare.net/abend_cve_9999_0001/web-22186183
47. SQL