
# \[Lord of SQLInjection] nightmare

<figure><img src="https://blog.kakaocdn.net/dna/dl9Ww5/btsMBgQjsAM/AAAAAAAAAAAAAAAAAAAAAGsIZufFlL-9JVkuTIpt9IE0yWkcaeM0QL9Fk5e2N37x/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=p4clQP4dQgwgqwqXxoaIl5TCyUw%3D" alt="" height="304" width="645"><figcaption></figcaption></figure>

```
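// Blacklist: reject pw if it contains prob, _, ., (), # or - (case-insensitive)
if(preg_match('/prob|_|\\.|\\(\\)|#|-/i', $_GET[pw])) exit("No Hack ~_~");
// Length cap: reject pw longer than 6 characters
if(strlen($_GET[pw])>6) exit("No Hack ~_~");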
```

→ `pw` is filtered for (prob, \_, ., (), #, -).

→ The length of the `pw` input must not exceed 6.

→ Within 6 characters, set things up so that id differs from admin, then bypass.

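#### Solution

→ Use ‘)’ to close the parenthesis around the `pw` input.

→ MySQL stops reading a query when it encounters a NULL byte, so we take advantage of this and use ;%00.

⇒ The focus is on making the `pw` condition evaluate to true.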

<figure><img src="https://blog.kakaocdn.net/dna/ba4CzB/btsMBUTsLcl/AAAAAAAAAAAAAAAAAAAAAPUHPk7K5LJv4ZX_exLcW_Yb_P6V_buR2fiMSL1n7WwA/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=SDMsVw0Gzng81N1xxbm0D4Mad7k%3D" alt="" height="346" width="623"><figcaption></figcaption></figure>

```
[domain]?pw=')';%00
```

→ The clear screen appears.
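
The filter above is a blacklist plus a length cap, and the write-up shows it can still be passed within six characters. The following is an added example, not code from the challenge or from this write-up, showing the hardened counterpart: the value is bound as a parameter and NUL bytes are rejected outright. The table `users`, the function `find_id_by_pw` and the sample rows are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hardened counterpart to the blacklist check on this page.
// Assumptions: table `users`, its rows and find_id_by_pw() are hypothetical;
// SQLite in-memory replaces the challenge's MySQL database.
// With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false
// so the statement is prepared server-side.

function find_id_by_pw(PDO $db, $pw): ?string
{
    // Validate the type and reject NUL bytes instead of matching "bad" tokens:
    // ?pw[]=x arrives as an array, and %00 decodes to "\0".
    if (!is_string($pw) || strpos($pw, "\0") !== false) {
        return null;
    }
    // The value is bound, never concatenated, so quotes, parentheses and
    // semicolons in $pw cannot change the structure of the statement.
    $stmt = $db->prepare("SELECT id FROM users WHERE pw = :pw AND id != 'admin'");
    $stmt->execute([':pw' => $pw]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (string) $id;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id TEXT, pw TEXT)");
$db->exec("INSERT INTO users VALUES
           ('admin', 'constructed-admin-pw'),
           ('guest', 'constructed-guest-pw')");

// Constructed inputs: the value from this page (with and without the NUL byte),
// a wrong guess, a correct non-admin password, and an array parameter.
$samples = ["')';\0", "')';", "x", "constructed-guest-pw", ['array']];

foreach ($samples as $s) {
    // Render control characters visibly so the NUL byte shows up in the output.
    $shown  = is_string($s) ? addcslashes($s, "\0..\37") : '(array)';
    $result = find_id_by_pw($db, $s);
    printf("%-24s => %s\n", $shown, $result ?? 'no row');
}
```

Only the correct non-admin password returns a row; every other input, including the value used on this page, is compared as plain data or rejected before the query runs.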

