SQLInjection2

Below is actual code in use here for this login page. Your task is to login as the Admin user.
function awesomeSQLFilter($username, $password){
  $sqlCommands = array("AND", "OR", "SELECT", "DELETE", "DROP", "CREATE", "LIKE",
    "JOIN", "UNION", "LIMIT", "ORDER BY", "REGEXP", "WHERE", "INSERT", "UPDATE",
    "HAVING", "DISTINCT", "TRUNCATE");
  //Nobody can use any sql commands in their username or password!
  foreach($sqlCommands as $command){
    $username = str_ireplace($command, "", $username);
    $password = str_ireplace($command, "", $password);
  }
  return array($username, $password);
}

function checkUserPass($db, $username, $password){
  if (!$db) { echo "Error connecting to database."; return false;}
  //security because logins are important!!
  list($username, $password) = awesomeSQLFilter($username, $password);
  $result = sqlite_query($db, "SELECT 1 FROM Users WHERE username='$username' AND password='$password'", $error);
  if(!$result) { echo htmlentities($error, ENT_QUOTES); return false;}
  $num_rows = sqlite_num_rows($result);
  sqlite_close($db);
  if($num_rows==1) return true;
  return false;
}
Note: A real database is used for this challenge, and it is rolled back after each attempt.
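
For contrast with the filter-based check above, here is an added example (not part of the challenge's code) of the same login check written with a bound parameter and a hashed password, which is the defensive alternative to a keyword blacklist. It assumes PDO's SQLite driver and a hypothetical password_hash column; checkUserPassSafe and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the challenge's code.
// Assumptions: PDO with the sqlite driver is available, and Users has a
// hypothetical password_hash column holding password_hash() output.

function checkUserPassSafe(PDO $db, string $username, string $password): bool {
    // The placeholder keeps user input out of the SQL text entirely, so the
    // query structure cannot change and no keyword filter is needed.
    $stmt = $db->prepare('SELECT password_hash FROM Users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // Compare against the stored hash instead of matching the password in SQL.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

$ins = $db->prepare('INSERT INTO Users (username, password_hash) VALUES (?, ?)');
// "Gordon" contains "OR" and "Sandy" contains "AND": the blacklist above would
// silently rewrite both names, while bound parameters store them unchanged.
$ins->execute(['Gordon', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(['Sandy', password_hash('battery staple', PASSWORD_DEFAULT)]);
// An apostrophe is ordinary data for a bound parameter.
$ins->execute(["O'Brien", password_hash('s3cret value', PASSWORD_DEFAULT)]);

// Correct credentials for names the blacklist would have mangled.
var_dump(checkUserPassSafe($db, 'Gordon', 'correct horse'));
var_dump(checkUserPassSafe($db, "O'Brien", 's3cret value'));
// Wrong password and unknown user both fail the same way.
var_dump(checkUserPassSafe($db, 'Sandy', 'wrong password'));
var_dump(checkUserPassSafe($db, 'nobody', 'anything'));
```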



Challenge by ynori7.



CSTutoringCenter