webhacking.kr Problem 16
Dakuo
2010. 7. 17. 01:13
Clicking problem 16 on webhacking.kr brings up the following page.
It is not clear what value should be entered,
so we view the page source and analyze it.
<html>
<head>
<title>Challenge 16</title>
</head>
<body bgcolor=black>
<font color=red size=10></font>
<p>
<form name=login>
<input type=passwd name=pw>
<input type=button onclick=sub() value="로그인">
</form>
<script>
key="%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252561%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252570%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252570%2525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525256%252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252543%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252565"
function sub(){ if(login.pw.value==""){ alert("패스워드를 입력하세요."); } else { document.location=login.pw.value }}
</script>
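It looks like the problem can be solved by interpreting the key value and entering the result.
The number at the end of each part of the key is a URL-encoded value.
(This can be inferred from the %252525252525...... runs. Note that %25 = %. Each decoding pass turns %25 back into %, so the 252525 run cancels out and only the number at the very end remains. For example, the first one is %61.)
URL-decoding the key value reveals the answer.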
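
The layered decoding described above, as an added example that is not part of the original post: it strips one level of percent-encoding per pass until the string stops changing, and tolerates malformed escapes that make `decodeURIComponent()` throw. The function names `decodeLayer`, `decodeNested` and `nest` are hypothetical, and the sample input is constructed, not the challenge key.

```javascript
// Decode exactly one layer of percent-encoding.
// Only well-formed %XX pairs are replaced; a broken escape such as "%6"
// is left untouched instead of raising URIError like decodeURIComponent().
function decodeLayer(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Repeat decodeLayer() until a pass changes nothing (fixed point).
// maxLayers bounds the loop; layers reports how deep the nesting was,
// which is useful when checking whether a filter decodes as often as
// the application behind it does.
function decodeNested(input, maxLayers = 1000) {
  let current = input;
  let layers = 0;
  while (layers < maxLayers) {
    const next = decodeLayer(current);
    if (next === current) break;
    current = next;
    layers++;
  }
  return { value: current, layers };
}

// Build a constructed sample: "%" + "25" repeated depth times + hex pair,
// the same shape as each part of the key in the page source.
function nest(hexPair, depth) {
  return "%" + "25".repeat(depth) + hexPair;
}

// Constructed input: the word "test" with five extra "25" levels per byte.
const sample = ["74", "65", "73", "74"].map((h) => nest(h, 5)).join("");
console.log(sample);
console.log(decodeNested(sample));
```

Each pass removes a single `25` from every run, so a part with n repeated `25`s needs n + 1 passes before the final character appears.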