on
old-06
old-06
old-06
이미 풀어서 ID와 PW가 변경되었다.
원래는 ID : guest, PW : 123qwe 이다.
우선 view-source를 먼저 살펴본다.
먼저 나오는 PHP 문을 살펴보면
$val_id와 $val_pw를 먼저 base64로 인코딩을 20번 돌린다.
그리고 $val_id와 $val_pwd의 값에서 각각 숫자들을 코드에 나타난 특수문자로 교체한다.
이것을 쿠키 값으로 설정한다.
크롬의 확장 프로그램인 'EditThisCookie'를 통해 쿠키 값을 살펴보면 쿠키 값이 3개 존재한다.
위 페이지 소스코드에 따라 user에는 guest를 변환한 값이고, password에는 123qwe를 변환한 값이다.
이제 두 번째 PHP 문을 살펴보면
ID와 PW의 값이 각각 'admin'과 'nimba'이면 문제가 풀린다.
즉, user와 password의 쿠키 값이 앞의 동작과는 반대로 동작하여 'admin'과 'nimba'가 출력되면 된다.
반대로 동작하도록 PHP 구문을 만들어 보면
"; echo $decode_pw; ?>
이를 실행해보면
Vm0wd@QyUXlVWGxWV0d^V!YwZDRWMVl$WkRSV0!WbDNXa!JTVjAxV@JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll&U;@tWVWJHaG9UVlZ$VlZadGNFSmxSbGw!VTJ0V!ZXSkhhRzlVVmxaM!ZsWmFjVkZ0UmxSTmJFcEpWbTEwYTFkSFNrZGpSVGxhVmpOU!IxcFZXbUZrUjA!R!UyMTRVMkpIZHpGV!ZFb$dWakZhV0ZOcmFHaFNlbXhXVm!wT!QwMHhjRlpYYlVaclVqQTFSMWRyV@&kV0;!ERkZVbFJHVjFaRmIzZFdha!poVjBaT@NtRkhhRk&sYlhoWFZtMXdUMVF;$TUhoalJscFlZbGhTV0ZSV@FFTlNiRnBZWlVaT!ZXSlZXVEpWYkZKRFZqQXhkVlZ!V@xaaGExcFlXa!ZhVDJOc@NFZGhSMnhUVFcxb@IxWXhaREJaVmxsM!RVaG9hbEpzY0ZsWmJGWmhZMnhXY!ZGVVJsTk&WMUo;!VmpKNFQxWlhTbFpYVkVwV!lrWktTRlpxUm!GU@JVbDZXa!prYUdFeGNHOVdha0poVkRKT@RGSnJhR@hTYXpWeldXeG9iMWRHV@&STldHUlZUVlpHTTFSVmFHOWhiRXB;*WTBac!dtSkdXbWhaTVZwaFpFZFNTRkpyTlZOaVJtOTNWMnhXWVZReFdsaFRiRnBZVmtWd!YxbHJXa$RUUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS!QyUkdTbkpoUjJoVFlYcFdlbGRYZUc&aU;!XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU!ZtRkhPVmhTTUhCNVZHeGFjMWR0U@tkWGJXaGFUVzVvV0ZreFdrZFdWa$B*VkdzMVYySkdhM@hXYTFwaFZURlZlRmR!U@s!WFJYQnhWVzB^YjFZeFVsaE9WazVPVFZad@VGVXlkREJXTVZweVkwWndXR0V^Y0ROV@FrWkxWakpPU!dKR!pGZFNWWEJ@Vm!0U!MxUXlUWGxVYTFwb!VqTkNWRmxZY0ZkWFZscFlZMFU!YVUxcmJEUldNalZUVkd^a!NGVnNXbFZXYkhCWVZHdGFWbVZIUmtoUFYyaHBVbGhDTmxkVVFtRmpNV!IwVTJ0a!dHSlhhR0ZVVnpWdlYwWnJlRmRyWkZkV@EzQjZWa@R*TVZZd0!WWmlla!pYWWxoQ!RGUnJXbEpsUm!SellVWlNhVkp!UW&oV;!YzaHJWVEZzVjFWc!dsaGlWVnBQVkZaYWQyVkdWWGxrUkVKWFRWWndlVmt$V@&kWFIwVjRZMFJPV;@!FeVVrZGFWM@hIWTIxS!IxcEhiRmhTVlhCS!ZtMTBVMU!^VlhoWFdHaFlZbXhhVjFsc!pHOVdSbXhaWTBaa@JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa@Q0YTFOR!ZuTlhiRlpYWWtoQ!NWWkdVa@RWTVZwMFVtdG9VRll&YUhCVmJHaERUbXhrVlZGdFJtcE;&WMUl;$VlRKMGExZEhTbGhoUjBaVlZucFdkbFl$V@&OT;@JFcHpXa@R$YVZORlNrbFdNblJyWXpGVmVWTnVTbFJpVlZwWVZGYzFiMWRHWkZkWGJFcHNVbTFTZWxsVldsTmhWa$AxVVd^d!YySllVbGhhUkVaYVpVZEtTVk&zYUdoTk;!VcFZWbGN^TkdReVZrZFdiR!JvVW&wc;@IxUldXbmRsYkZsNVkwVmtWMDFFUmpGWlZXaExWMnhhV0ZWclpHRldNMmhJV!RJeFMxSXhjRWhpUm!oVFZsaENTMVp0TVRCVk!VMTRWbGhvV0ZkSGFGbFpiWGhoVm!^c@NscEhPV$BTYkhCNFZrY$dOVll^V@&OalJXaFlWa;!UxZGxsV!ZYaFhSbFp&WVVaa;!RtRnNXbFZXYTJRMFdWWktjMVJ!VG!oU@JGcFlXV$hhUm!ReFduRlJiVVphVm0xU!NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ$UlZWdGNFNVdNVWwzVmxSS0!HRXhaRWhUYkdob!VqQmFWbFp0ZUhkTk!WcHlWMjFHYWxacmNEQmFSV!F$VmpKS@NsTnJhRmRTTTJob!ZrUktSMVl^VG&WVmJFSlhVbFJXV;!ZaR!l*RmlNV!JIWWtaV!VsZEhhRlJVVm!SVFpXeHNWbGRzVG!oU!ZFWjZWVEkxYjFZeFdYcFZiR@hZVm!^d!lWcFZXbXRrVmtwelZtMXNWMUl*YURWV0!XUXdXVmRSZVZaclpGZGliRXB&Vld0V;!MySXhiRmxqUldSc!ZteEtlbFp0TURWWFIwcEhZMFpvV@sxSGFFeFdNbmhoVjBaV@NscEhSbGROTW!oSlYxUkplRk!^U!hoalJXUmhVbXMxV0ZZd!ZrdE&iRnAwWTBWa;!dsWXdWalJXYkdodlYwWmtTR0ZHV@xwaVdHaG9WbTE0YzJOc!pISmtSM0JUWWtad0&GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV;@FrNVRWRVpzVlZGWWFGTldhM0I@VmtkNFlWVXlTa!pYV0hCWFZsWndSMVF^V@tOVmJFSlZUVVF$UFE9PQ== Vm0wd@QyUXlVWGxWV0d^V!YwZDRWMVl$WkRSV0!WbDNXa!JTVjAxV@JETlhhMUpUVmpBeFYySkVUbGhoTVVwVVZtcEJlRll&U;@tWVWJHaG9UVlZ$VlZacVFtRlRNbEpJVm!0a!dHSkdjRTlaVjNSR!pVWmFkR0&GU;@!^U@JHdzFWVEowVjFaWFNraGhSemxWVmpOT00xcFZXbUZrUjA!R!drWndWMDFFUlRGV!ZFb$dWakZhV0ZOcmFHaFNlbXhXVm0xNFlVMHhXbk&YYlVaclVqQTFSMWRyV;@xOVWJVcEdZMFZ$VjJKVVJYZFdha!pYWkVaT@MxZHNhR@xTTW!oWlYxZDRiMkl&Vm;&OVmJGWlRZbFZhY;@xWcVFURlNNVlY!VFZSU!ZrMXJjRWxhU0hCSFZqRmFSbUl*WkZkaGExcG9WakJhVDJOdFJraGhSazVzWWxob!dGWnRNSGhPUm!^V!RVaG9XR0pyTlZsWmJGWmhZMVphZEdSSFJrNVNiRm9$V@xWYVQxWlhTbFpqUldSYVRVWmFNMVpxU@t0V!ZrcFpXa!p$VjFKV@NIbFdWRUpoVkRKT@MyTkZhR$BTYXpWWVZXcE9iMkl^V@&STldHUlZUVlpXTkZVeGFHOWhiRXB;*WTBac!dtSkdXbWhaTW&oWFkxWkdWVkpzVGs;!WFJVcElWbXBLTkZReFdsaFRhMlJxVW0xNGFGVXdhRU&UUmxweFVtMUdVMkpWYkRaWGExcHJZVWRGZUdOSE9WZGhhMHBvVmtSS;!QyUkdTbkpoUjJoVFlYcFdlbGRYZUc&aU;!XUkhWMjVTVGxOSGFGQlZiVEUwVmpGU!ZtRkhPVmhTTUhCNVZHeGFjMWR0U@tkWGJXaGFUVzVvV0ZreFdrZFdWa$B*VkdzMVYySkdhM@hXYTFwaFZURlZlRmR!U@s!WFJYQnhWVzB^YjFZeFVsaE9WazVPVFZad@VGVXlkREJXTVZweVkwWndXR0V^Y0ROV@FrWkxWakpPU!dKR!pGZFNWWEJ@Vm!0U!MxUXlUWGxVYTFwb!VqTkNWRmxZY0ZkWFZscFlZMFU!YVUxcmJEUldNV@h@V!ZaS!IxTnNaRlZXYkZwNlZHeGFZVmRGTlZaUFZtaFRUVWhDU@xac!pEUmpNV!IwVTJ0b@FGSnNTbGhVVlZwM!ZrWmFjVk&yWkZOaVJrcDZWa;@N^YzFVeVNuSlRiVVpYVFc!b!dGbHFTa!psUm!SWldrVTFWMVpzY0ZWWFZsSkhaREZaZUdKSVNsaGhNMUpVVlcxNGQyVkdWbGRoUnpsb!RWWndlbFl&Y0VkV0;!ERjFZVWhLV@xaWFVrZGFWM@hIWTIxS!IyRkdhRlJTVlhCS!ZtMTBVMU!^VlhoWFdHaFlZbXhhVjFsc!pHOVdSbXhaWTBaa@JHSkhVbGxhVldNMVlWVXhXRlZyYUZkTmFsWlVWa@Q0YTFOR!ZuTlhiRlpYWWtoQ!NWWkdVa@RWTVZwMFVtdG9VRll&YUhCVmJHaERUbXhrVlZGdFJtcE;&WMUl;$VlRKMGExZEhTbGhoUjBaVlZucFdkbFl$V@&KbFJtUnlXa;!prVjJFelFqWldhMlI@VFZaWmQwMVdXbWxsYTFwWVdXeG9RMVJHVW&KWGJFcHNVbTFTZWxsVldsTmhWa;$AxVVd^d!YySllVbGhhUkVaYVpVZEtTVk&zYUdoTk;!VcFdWbGN^TkdReVZrZFdXR$hyVWpCYWNGVnRlSGRsYkZsNVpVaGtXRkl$VmpSWk!GSlBWMjFGZVZWclpHRldNMmhJV!RJeFMxSXhjRWhpUm!oVFZsaENTMVp0TVRCVk!VMTRWbGhvV0ZkSGFGbFpiWGhoVm!^c@NscEhPV$BTYkhCNFZrY$dOVll^V@&OalJXaFlWa;!UxZGxsV!ZYaFhSbFp&WVVaa;!RtRnNXbFZXYTJRMFdWWktjMVJ!VG!oU@JGcFlXV$hhUm!ReFduRlJiVVphVm0xU!NWWlhkRzloTVVwMFlVWlNWVlpXY0dGVVZscGhZekZ$UlZWdGNFNVdNVWwzVmxSS0!HRXhaRWhUYkdob!VqQmFWbFp0ZUhkTk!WcHlWMjFHYWxacmNEQmFSV!F$VmpKS@NsTnJhRmRTTTJob!ZrUktSMVl^VG&WVmJFSlhVbFJXV;!ZaR!l*RmlNV!JIWWtaV!VsZEhhRlJVVm!SVFpXeHNWbGRzVG!oU!ZFWjZWVEkxYjFZeFdYcFZiR@hZVm!^d!lWcFZXbXRrVmtwelZtMXNWMUl*YURWV0!XUXdXVmRSZVZaclpGZGliRXB&Vld0V;!MySXhiRmxqUldSc!ZteEtlbFp0TURWWFIwcEhZMFpvV@sxSGFFeFdNbmhoVjBaV@NscEhSbGROTW!oSlYxUkplRk!^U!hoalJXUmhVbXMxV0ZZd!ZrdE&iRnAwWTBWa;!dsWXdWalJXYkdodlYwWmtTR0ZHV@xwaVdHaG9WbTE0YzJOc!pISmtSM0JUWWtad0&GWlhNVEJOUmxsNFYyNU9hbEpYYUZoV;@FrNVRWRVpzVlZGWWFGTldhM0I@VmtkNFlWVXlTa!pYV0hCWFZsWndSMVF^V@tOVmJFSlZUVVF$UFE9PQ==
굉장히 긴 문자열이 출력된다.
이 문자열들을 user와 password의 쿠키 값에 각각 넣어주면 된다.
그리고 새로고침을 하면 문제가 풀리게 된다.
from http://woong971.tistory.com/119 by ccl(A) rewrite - 2021-11-11 18:26:19