Lord Of SQL (41번~44번)

Posted Dec 16, 2025 Updated Dec 16, 2025

By Hwisung

1 min read

LOS 41~44번

41번 nessie

  
<?php
include "./config.php";
login_chk();
$db = mssql_connect('nessie');
if (preg_match('/master|sys|information|prob|;|waitfor|_/i', $_GET['id'])) exit("No Hack ~_~");
if (preg_match('/master|sys|information|prob|;|waitfor|_/i', $_GET['pw'])) exit("No Hack ~_~");
$query = "select id from prob_nessie where id='{$_GET['id']}' and pw='{$_GET['pw']}'";
echo "<hr>query : <strong>{$query}</strong><hr><br>";
sqlsrv_query($db, $query);
if (sqlsrv_errors()) exit(mssql_error(sqlsrv_errors()));

$query = "select pw from prob_nessie where id='admin'";
$result = sqlsrv_fetch_array(sqlsrv_query($db, $query));
if ($result['pw'] === $_GET['pw']) solve("nessie");
highlight_file(__FILE__);

이번엔 코드를 보면 mssql_connect가 있음을 보니 mssql을 사용한 것 같다.

Lord Of SQL (41번~44번)

41번 nessie

Further Reading

Lord Of SQL (1번~5번)

Lord Of SQL (6번~10번)

Lord Of SQL (11번~15번)