> For the complete documentation index, see [llms.txt](https://docs.cooku222.kr/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-cthulhu.md).

# \[Lord Of SQLInjection] cthulhu

<figure><img src="https://blog.kakaocdn.net/dna/bvm1X4/btsNBvFDuek/AAAAAAAAAAAAAAAAAAAAAMLF4GUCKxug4yL3ZbFf6pQ5t-fFelbfWCNLCsjQ3GWs/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=Vap%2B5HW8SE3xeX%2BVSH5%2BqtcO0J0%3D" alt="" height="354" width="767"><figcaption></figcaption></figure>

**특징**

* &#x20;modsec.rubiya.kr 서버가 ModSecurity Core Rule Set v3.1.0 with paranoia level 1 버전으로 돌아가고 있다는 문구가 있음
* WAF를 이용해서 우회 가능하냐는 문구 있음
* id와 pw 항목에서 admin을 대소문자 구분 없이 필터링하고 있다.
* 웹 방화벽 해당 버전을 우회하여 admin으로 로그인하면 문제가 해결될 것임
* id와 pw를 파라미터로 받으니 \로 싱글 쿼터를 우회하며, hex 변환으로 admin을 0x61646d696e로 우회하여 쿼리를 주입하면 해결 될 것이다.

ModSecurity Core Rule Set v3.1.0을 깃허브에서 찾아서, 페이로드를 사용하면 된다.

<https://github.com/coreruleset/coreruleset/commit/520055281e6eafc0b2ea78cd0975f35ca503f714>

[ SQLi bypass detection: ticks and backticks (#1335) · coreruleset/coreruleset@5200552SecRule TX:EXECUTING\_PARANOIA\_LEVEL "@lt 2" "id:942013,phase:1,pass,nolog,skipAfter:END-REQUEST-942-APPLICATION-ATTACK-SQLI"github.com](https://github.com/coreruleset/coreruleset/commit/520055281e6eafc0b2ea78cd0975f35ca503f714)

```
[도메인 값]?id='<@=1 or 1--+-
```

<figure><img src="https://blog.kakaocdn.net/dna/bAA8v2/btsNCvq0ATA/AAAAAAAAAAAAAAAAAAAAADxE4fdDp9P5K1wVDUGmznhuSRCus8cC1K8_gnVdYjdz/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=gE7iqoAobtaMS0NOdomRVPuGahc%3D" alt="" height="435" width="759"><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-cthulhu.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.