include "./config.php";
login_chk();
dbconnect();
if(preg_match('/prob||.|()/i', $_GET[no])) exit("No Hack ~~");
if(preg_match('/\'|\"|`/i', $GET[no])) exit("No Quotes ~~");
$query = "select id from prob_goblin where id='guest' and no={$_GET[no]}";
echo "
query : {$query}
";
$result = @mysql_fetch_array(mysql_query($query));
if($result['id']) echo "
Hello {$result[id]}
";
if($result['id'] == 'admin') solve("goblin");
highlight_file(FILE);
?>
$_GET['no']안에 quotes 를 사용할 수 없다니 이제 야매는 안될 것 같다 전 문제에서 썼던 order by 꼼수로 넘어가자.
select id from prob_goblin where id='guest' and no=1 or 1=1 order by 1 asc -- a