Home
Forum
News
Articles
Codes
Affiliates
Challenges
User GuideSQLInjection2
Below is actual code in use here for this login page. Your task is to login as the Admin user.
function awesomeSQLFilter($username, $password){
$sqlCommands = array("AND", "OR", "SELECT", "DELETE", "DROP", "CREATE", "LIKE",
"JOIN", "UNION", "LIMIT", "ORDER BY", "REGEXP", "WHERE", "INSERT", "UPDATE",
"HAVING", "DISTINCT", "TRUNCATE");
//Nobody can use any sql commands in their username or password!
foreach($sqlCommands as $command){
$username = str_ireplace($command, "", $username);
$password = str_ireplace($command, "", $password);
}
return array($username, $password);
}
function checkUserPass($db, $username, $password){
if (!$db) { echo "Error connecting to database."; return false;}
//security because logins are important!!
list($username, $password) = awesomeSQLFilter($username, $password);
$result = sqlite_query($db, "SELECT COUNT(*) cnt FROM Users WHERE username='$username' AND password='$password'", $error);
if(!$result) { echo htmlentities($error, ENT_QUOTES); return false;}
$row = $result->fetchArray();
$num_rows = $row['cnt'];
sqlite_close($db);
if($num_rows==1) return true;
return false;
}
Note: A real database is used for this challenge, and it is rolled back after each attempt.
You must be logged in order to submit an answer.
Challenge by ynori7.
