SQLInjection2
Below is actual code in use here for this login page. Your task is to login as the Admin user.
function awesomeSQLFilter($username, $password){ $sqlCommands = array("AND", "OR", "SELECT", "DELETE", "DROP", "CREATE", "LIKE", "JOIN", "UNION", "LIMIT", "ORDER BY", "REGEXP", "WHERE", "INSERT", "UPDATE", "HAVING", "DISTINCT", "TRUNCATE"); //Nobody can use any sql commands in their username or password! foreach($sqlCommands as $command){ $username = str_ireplace($command, "", $username); $password = str_ireplace($command, "", $password); } return array($username, $password); } function checkUserPass($db, $username, $password){ if (!$db) { echo "Error connecting to database."; return false;} //security because logins are important!! list($username, $password) = awesomeSQLFilter($username, $password); $result = sqlite_query($db, "SELECT COUNT(*) cnt FROM Users WHERE username='$username' AND password='$password'", $error); if(!$result) { echo htmlentities($error, ENT_QUOTES); return false;} $row = $result->fetchArray(); $num_rows = $row['cnt']; sqlite_close($db); if($num_rows==1) return true; return false; }
Note: A real database is used for this challenge, and it is rolled back after each attempt.
You must be logged in order to submit an answer.
Challenge by ynori7.