
# [webhacking.kr] old-5

<figure><img src="https://blog.kakaocdn.net/dna/cB8l5v/btsOv3UjSXU/AAAAAAAAAAAAAAAAAAAAAPTVtI9kjyMcpY1eFCPzZrn8NPGqi4wtVZ5nj4jNPbbj/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=T%2BYlkYXMQAkjRbpxxbsE92L%2B%2FxI%3D" alt="" height="486" width="1555"><figcaption></figcaption></figure>

<figure><img src="https://blog.kakaocdn.net/dna/dF5TIZ/btsOuPP5bjX/AAAAAAAAAAAAAAAAAAAAAEa-FYDZ_gjcvjV5GaLSKwlcAJxhYkrAXiG-XoQpT4GP/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=T%2F%2FBov1xE6%2FxI1L9dkntd3CAPOg%3D" alt="" height="632" width="701"><figcaption></figcaption></figure>

-> Check the page source.

<figure><img src="https://blog.kakaocdn.net/dna/PogyT/btsOuIwBsL1/AAAAAAAAAAAAAAAAAAAAALvPRGitepI0B35R0SYodkLKJfBmoSKqYeZv5KZahqbA/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=iupbTtEjV2oqaEmdB9pitna35mY%3D" alt="" height="472" width="750"><figcaption></figcaption></figure>

<figure><img src="https://blog.kakaocdn.net/dna/PNsvm/btsOvV90UPM/AAAAAAAAAAAAAAAAAAAAAL2e6mjPZtWn7CJA4HoMj88zmX9ZNJhROBSaGgWDwHUP/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=julGwZ7UyTA1RdRxrXptdFjXqPI%3D" alt="" height="715" width="1283"><figcaption></figcaption></figure>

<figure><img src="https://blog.kakaocdn.net/dna/cWHZ3x/btsOuLmCeGv/AAAAAAAAAAAAAAAAAAAAAFc52Ire35bapoMulZCfPGhyjV5Ur4mGhXX77GS0KYAS/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=yi1yL7EoYnImQXHP%2FA9Kl6p1uLI%3D" alt="" height="546" width="1645"><figcaption></figcaption></figure>

The source code of this page is obfuscated and hard to read.

<figure><img src="https://blog.kakaocdn.net/dna/cxMvyu/btsOt6Sz52e/AAAAAAAAAAAAAAAAAAAAAPKbqDMmGMJncEV81QhFK7zsDdmhcArqiXysMDYB8UWy/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=udYTamuTWRY5zT8js6Fyw0jVjUE%3D" alt="" height="210" width="816"><figcaption></figcaption></figure>

```javascript
// Letter table: 'l' repeated n times is the n-th lowercase letter
l='a';
ll='b';
lll='c';
llll='d';
lllll='e';
llllll='f';
lllllll='g';
llllllll='h';
lllllllll='i';
llllllllll='j';
lllllllllll='k';
llllllllllll='l';
lllllllllllll='m';
llllllllllllll='n';
lllllllllllllll='o';
llllllllllllllll='p';
lllllllllllllllll='q';
llllllllllllllllll='r';
lllllllllllllllllll='s';
llllllllllllllllllll='t';
lllllllllllllllllllll='u';
llllllllllllllllllllll='v';
lllllllllllllllllllllll='w';
llllllllllllllllllllllll='x';
lllllllllllllllllllllllll='y';
llllllllllllllllllllllllll='z';
// Digit table: 'I' repeated n times is the digit n (ten I's is '0')
I='1';
II='2';
III='3';
IIII='4';
IIIII='5';
IIIIII='6';
IIIIIII='7';
IIIIIIII='8';
IIIIIIIII='9';
IIIIIIIIII='0';
li='.';
ii='<';
iii='>';
// builds the string "oldzombie"
lIllIllIllIllIllIllIllIllIllIl=lllllllllllllll+llllllllllll+llll+llllllllllllllllllllllllll+lllllllllllllll+lllllllllllll+ll+lllllllll+lllll;
// builds the string "document.cookie"
lIIIIIIIIIIIIIIIIIIl=llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+lll+lllllllllllllll+lllllllllllllll+lllllllllll+lllllllll+lllll;
// cookie check: eval("document.cookie").indexOf("oldzombie") == -1
if(eval(lIIIIIIIIIIIIIIIIIIl).indexOf(lIllIllIllIllIllIllIllIllIllIl)==-1)
    {alert('bye');throw "stop";}
// URL check: eval("document.URL").indexOf("mode=1") == -1
if(eval(llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+'U'+'R'+'L').indexOf(lllllllllllll+lllllllllllllll+llll+lllll+'='+I)==-1)
    {alert('access_denied');throw "stop";}
else{
    document.write('<font size=2 color=white>Join</font><p>');
    document.write('.<p>.<p>.<p>.<p>.<p>');
    // form action decodes to "join.php"; the input names decode to "id" and "pw"
    document.write('<form method=post action='+llllllllll+lllllllllllllll+lllllllll+llllllllllllll+li+llllllllllllllll+llllllll+llllllllllllllll+'>');
    document.write('<table border=1><tr><td><font color=gray>id</font></td><td><input type=text name='+lllllllll+llll+' maxlength=20></td></tr>');
    document.write('<tr><td><font color=gray>pass</font></td><td><input type=text name='+llllllllllllllll+lllllllllllllllllllllll+'></td></tr>');
    document.write('<tr align=center><td colspan=2><input type=submit></td></tr></form></table>');
}
```

Note: eval('document.cookie').indexOf('oldzombie') has exactly the same effect as document.cookie.indexOf('oldzombie') (from another write-up).

-> This is said to be a trick used when a WAF (Web Application Firewall) or a filtering system blocks direct references to document.cookie. Worth remembering.

-> The obfuscated code also imposes two conditions: the cookie must contain the string oldzombie, and the URL must contain the string mode=1. -> Create a cookie named oldzombie, then append mode=1 to the URL.
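A small decoder for this naming scheme, added here as an example (it is neither the write-up author's code nor the challenge's): it rebuilds the letter and digit table from the pattern above and resolves the '+'-joined expressions, using the two assignment lines from the page as constructed input.

```python
import re

# Table rebuilt from the challenge script's pattern: 'l' repeated n times is the
# n-th lowercase letter, 'I' repeated n times is the digit n (ten I's is '0'),
# and li / ii / iii stand for '.', '<' and '>'.
TABLE = {"l" * n: chr(ord("a") + n - 1) for n in range(1, 27)}
TABLE.update({"I" * n: str(n % 10) for n in range(1, 11)})
TABLE.update({"li": ".", "ii": "<", "iii": ">"})

# One operand of a '+' expression: a single-quoted literal or an identifier.
TOKEN = re.compile(r"'([^']*)'|([A-Za-z_]\w*)")


def decode_expr(expr, table=TABLE):
    """Resolve a '+'-joined obfuscated expression into the string it builds.

    The script's literals never contain '+', so a plain split is enough here.
    """
    out = []
    for part in expr.split("+"):
        m = TOKEN.fullmatch(part.strip())
        if m is None:
            raise ValueError("unexpected token: %r" % part)
        literal, name = m.groups()
        # An unknown identifier raises KeyError on purpose: failing loudly beats
        # silently emitting a wrong decoding.
        out.append(literal if literal is not None else table[name])
    return "".join(out)


def decode_assignments(script, table=None):
    """Walk 'name=expr;' statements, learning each new name for later lines."""
    table = dict(TABLE if table is None else table)
    decoded = {}
    for name, expr in re.findall(r"(\w+)\s*=\s*([^;]+);", script):
        decoded[name] = table[name] = decode_expr(expr, table)
    return decoded


# Constructed input: the two string-building assignments copied from the page.
SAMPLE = """
lIllIllIllIllIllIllIllIllIllIl=lllllllllllllll+llllllllllll+llll+llllllllllllllllllllllllll+lllllllllllllll+lllllllllllll+ll+lllllllll+lllll;
lIIIIIIIIIIIIIIIIIIl=llll+lllllllllllllll+lll+lllllllllllllllllllll+lllllllllllll+lllll+llllllllllllll+llllllllllllllllllll+li+lll+lllllllllllllll+lllllllllllllll+lllllllllll+lllllllll+lllll;
"""

if __name__ == "__main__":
    for name, value in decode_assignments(SAMPLE).items():
        print(name, "->", value)
```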

<figure><img src="https://blog.kakaocdn.net/dna/cc35nD/btsOuFs8PzI/AAAAAAAAAAAAAAAAAAAAAPGy3rgSg-By7YecZHcZ5JfidQ56fpQT4OLAhHj93xE-/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=BJWaaajh4NmCwPGpkSqKZmj5QWM%3D" alt="" height="690" width="1402"><figcaption></figcaption></figure>

<figure><img src="https://blog.kakaocdn.net/dna/cSDkL3/btsOt7D4WfJ/AAAAAAAAAAAAAAAAAAAAAOd_guRE1JiDlzM5oVXJw-xd8cQcUoL5cKyts7MWn7kF/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=5XRCNUdgOnZbus%2FRVp5eD8yATBU%3D" alt="" height="370" width="628"><figcaption></figcaption></figure>

-> The join page we were after appears.

-> Tried to register with the admin account; it says the ID already exists.

<figure><img src="https://blog.kakaocdn.net/dna/CbWaC/btsOu4Ggzom/AAAAAAAAAAAAAAAAAAAAAGp__V0H_rcCLXuvjuPCBEPelg6TMdMfCuwW-ITXBpnJ/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=5GI%2FPvqTIWwM%2FjJK9zgSndnMPzs%3D" alt="" height="310" width="757"><figcaption></figcaption></figure>

<figure><img src="https://blog.kakaocdn.net/dna/bq6f3I/btsOv8uAuey/AAAAAAAAAAAAAAAAAAAAABDb-VpqgUrAckUrxAZt_6Wkr2Cv2DqhYuGGi56Ojl7v/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=icJp9zaudpPzXZ1RpVwnv6%2BESTQ%3D" alt="" height="157" width="643"><figcaption></figcaption></figure>

Added a space on each side of admin

-> Expected the bypass to work because a plain admin and an admin with a leading space are counted as different values in SQL.

-> Bypass succeeded
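The mismatch above, as an added example that is not part of the write-up or of the challenge's code: a constructed registration check that compares the raw id (the behaviour observed on the page) beside one that canonicalises before checking and storing, so the same "admin" cannot be registered twice under a padded or re-cased spelling.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the challenge's user table: 'admin' already exists."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id TEXT PRIMARY KEY, pw TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'secret')")
    return db


def register_naive(db, user_id, pw):
    """Duplicate check on the raw id, as the write-up observes: ' admin ' is not
    'admin' to the database, so the check passes and a second admin row lands."""
    if db.execute("SELECT 1 FROM users WHERE id = ?", (user_id,)).fetchone():
        return "already exists"
    db.execute("INSERT INTO users VALUES (?, ?)", (user_id, pw))
    return "registered"


def canonical_id(user_id):
    """One canonical form used for both the lookup and the stored value."""
    return user_id.strip().lower()


def register_hardened(db, user_id, pw):
    """Canonicalise first, then let the PRIMARY KEY do check-and-insert atomically,
    so the comparison the application makes and the one the database makes agree."""
    cid = canonical_id(user_id)
    if not cid:
        return "invalid"
    try:
        db.execute("INSERT INTO users VALUES (?, ?)", (cid, pw))
    except sqlite3.IntegrityError:
        return "already exists"
    return "registered"


def count_lookalikes(db, name):
    """How many stored ids collapse to the same canonical name (should be at most 1)."""
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE lower(trim(id)) = ?", (name,)
    ).fetchone()
    return row[0]
```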

<figure><img src="https://blog.kakaocdn.net/dna/bjouFf/btsOt6E5BPD/AAAAAAAAAAAAAAAAAAAAAHl94f4BXdqz616y7fJKM29EU1JPXnQUsb_JmDJOmuli/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=UOPw70wXUwzdqKX9rOXI6sguYKc%3D" alt="" height="222" width="375"><figcaption></figcaption></figure>

<figure><img src="https://blog.kakaocdn.net/dna/bj2gU4/btsOwbY7Aur/AAAAAAAAAAAAAAAAAAAAAKeFJcU4NmgS76D-rA930VamCK-C-xLDbwDIy_k0RqM6/img.png?credential=yqXZFxpELC7KVnFOS48ylbz2pIh7yKj8&#x26;expires=1782831599&#x26;allow_ip=&#x26;allow_referer=&#x26;signature=NI0hstnvD7KY%2F28I%2FC8SGegHfVU%3D" alt="" height="275" width="782"><figcaption></figcaption></figure>
