> For the complete documentation index, see [llms.txt](https://docs.cooku222.kr/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-revenent.md).

# \[Lord Of SQLInjection] revenent

<figure><img src="https://blog.kakaocdn.net/dna/qF8Xt/btsNDNyvgQv/AAAAAAAAAAAAAAAAAAAAAAZFK99P6Uwxm12brfWz-ypwVFpcYSCeXz9oazIo04yB/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=PxtsMiiA170jgV%2Fcow2cqwCJSu0%3D" alt="" height="315" width="689"><figcaption></figcaption></figure>

#### 문제 특징

* 에러로 컬럼명을 출력하는 nessie 문제와 형식이 비슷하다.
* union select를 이용해 추가한 값이 기존 값과 일치하지 않을 경우 발생하는 결과값도 nessie와 유사

```
[URL]?id=admin' union select '1', '2', '3', '4', 5--+-
```

<figure><img src="https://blog.kakaocdn.net/dna/vZpZK/btsNDlWQHpo/AAAAAAAAAAAAAAAAAAAAAJVW5GdB-x62jZzMeM-VJSNQG7grEFSXd1QfeBBpqM2U/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=FgLxrNRFC4YwFN3VIiwayQqYgu0%3D" alt="" height="160" width="1151"><figcaption></figcaption></figure>

* 최근에 revenant의 컬럼 값이 바뀌어서 기존에 작성된 라이트업의 칼럼 명이랑은 다른 점에 유의하길 바람
  * pw = bae18ae1221fafd3라는 것을 얻게 됨

<figure><img src="https://blog.kakaocdn.net/dna/bUwuVf/btsNDG0IDIl/AAAAAAAAAAAAAAAAAAAAADZVjdC5S0yn1GTeyM4SlzOkgvCQLny7hWp1H_bVIYkk/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=lOQjVzEzTUgJc1EpdK18q8fZ2yo%3D" alt="" height="388" width="700"><figcaption></figcaption></figure>

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-revenent.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.