# \[Lord Of SQLInjection] ouroboros

<figure><img src="https://blog.kakaocdn.net/dna/bycoB3/btsNDamw4FH/AAAAAAAAAAAAAAAAAAAAAJELpJpWh5Jj9fVSAuvwh98_YzaJ6KQZHUcLlw-1zWuD/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=0nEp6upNdUMQ0dlprbECTrpeJ%2FA%3D" alt="" height="262" width="619"><figcaption></figcaption></figure>

```
if(preg_match('/prob|_|\.|rollup|join|@/i', $_GET['pw'])) exit("No Hack ~_~");
```

If `pw` matches any pattern in the filter list, the script prints No Hack and exits.

```
$query = "select pw from prob_ouroboros where pw='{$_GET[pw]}'";
echo "<hr>query : <strong>{$query}</strong><hr><br>";
```

\- If the input passes the filter, it is inserted into `select pw from prob_ouroboros where pw='{$_GET[pw]}'`.

\- The resulting query string is then printed.

```
$result = @mysqli_fetch_array(mysqli_query($db, $query));
if($result['pw']) echo "<h2>Pw: {$result[pw]}</h2>";
if(($result['pw']) && ($result['pw'] === $_GET['pw'])) solve("ouroboros");
```

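\- If the query result contains a `pw` value, it is printed.

\- Then, if the returned `pw` is identical to the `pw` that was submitted, the challenge is cleared.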

#### Solution

```
select pw from prob_ouroboros where pw='' union select '테스트입니당';
```

\- What is a Quine SQL?

-> A quine is a program that returns its own source code as its output.

-> A Quine SQL can be thought of as a query that returns the submitted query text itself.
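Added example (not part of the original write-up): a Python/SQLite stand-in for the PHP above. It shows why the test input from the Solution block gets a row echoed back yet still fails the `===` check, which is the reason a quine is needed, and how binding `pw` as a parameter removes the injection entirely. The in-memory SQLite database, the empty table and the function names are assumptions.

```python
import re
import sqlite3

# Same blacklist as the challenge's preg_match call.
FILTER = re.compile(r"prob|_|\.|rollup|join|@", re.I)

def make_db():
    # Constructed stand-in: in-memory SQLite instead of the challenge's MySQL,
    # with an empty prob_ouroboros table (assumption; the page never shows the data).
    db = sqlite3.connect(":memory:")
    db.execute("create table prob_ouroboros (pw text)")
    return db

def vulnerable(db, pw):
    """Mirror of the page's PHP: blacklist, string interpolation, strict compare."""
    if FILTER.search(pw):
        return {"blocked": True, "row": None, "solved": False}
    query = f"select pw from prob_ouroboros where pw='{pw}'"
    row = db.execute(query).fetchone()
    value = row[0] if row else None
    # solve() fires only when the returned value equals the whole submitted input.
    return {"blocked": False, "row": value, "solved": bool(value) and value == pw}

def hardened(db, pw):
    """Same lookup with a bound parameter: pw is only ever compared as data."""
    row = db.execute("select pw from prob_ouroboros where pw = ?", (pw,)).fetchone()
    value = row[0] if row else None
    return {"blocked": False, "row": value, "solved": bool(value) and value == pw}

# The page's test input, i.e. what turns the query into
#   ... where pw='' union select '테스트입니당'
TEST_INPUT = "' union select '테스트입니당"

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", vulnerable), ("hardened", hardened)):
        print(name, fn(db, TEST_INPUT))
```

In the vulnerable path the returned row is only the string literal, never the full submitted input, so the comparison fails; in the hardened path the input is never parsed as SQL and no row comes back at all.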

<figure><img src="https://blog.kakaocdn.net/dna/c7GrIb/btsNDl9n1zL/AAAAAAAAAAAAAAAAAAAAANPsEVyW8HMu9gOkvwDULmTqYyN1wlQR-fM1AvOBVI2X/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=gDCVhA8aygNxWYY1v1DAHLHkwP8%3D" alt="" height="457" width="1909"><figcaption></figcaption></figure>

