Monday, 5 June 2017

php - SQL Injection Username and Password

I've been working on a project with a few friends. Our assignment was to find the Username and Password credentials to log in to a fake database.



Here is the source code:




<?php
include "config.php"; // presumably defines $FLAG, which is used below

$con = mysqli_connect("localhost", "sql1", "sql1", "sql1");
$username = $_POST["username"];
$password = $_POST["password"];
$debug = $_POST["debug"];

// User input is interpolated directly into the SQL string, unescaped.
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$result = mysqli_query($con, $query);

// Debug mode: echo the submitted values, the final query and any SQL error.
if (intval($debug)) {
    echo "\n";
    echo "username: ", htmlspecialchars($username), "\n";
    echo "password: ", htmlspecialchars($password), "\n";
    echo "SQL query: ", htmlspecialchars($query), "\n";
    if (mysqli_errno($con) !== 0) {
        echo "SQL error: ", htmlspecialchars(mysqli_error($con)), "\n";
    }
    echo "\n";
}

// The login succeeds only when exactly one row matches.
if (mysqli_num_rows($result) !== 1) {
    echo "\n\nLogin failed.\n\n";
} else {
    echo "\n\nLogged in!\n\n";
    echo "\n\nYour flag is: $FLAG\n\n";
}

?>


The proctor gave us a hint asking "What happens if username or password contains a single quote '?"




I have tried everything from ' or 1=1-- to things like ' OR a=1--



If anyone could help, I would greatly appreciate it!
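
For comparison, a hardened version of the login check in the question, as an added example that is not part of the original post. It binds the username as a parameter so a single quote in it stays data, and it assumes a hypothetical password_hash column holding password_hash() output in place of the plaintext password column.

```php
<?php
// Added example: hardened variant of the login check. Not the assignment's code.
include "config.php"; // assumed to define $FLAG, as in the original script

// Make mysqli throw exceptions so failures are handled in one place.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$username = $_POST["username"] ?? "";
$password = $_POST["password"] ?? "";

// Reject non-string input (e.g. username[]=x arrives as an array).
if (!is_string($username) || !is_string($password)) {
    http_response_code(400);
    exit("Bad request.\n");
}

try {
    $con = mysqli_connect("localhost", "sql1", "sql1", "sql1");
    mysqli_set_charset($con, "utf8mb4");

    // The SQL text is fixed; the username travels separately as a bound
    // parameter, so a single quote in it is data, not syntax.
    // Assumption: hypothetical column password_hash holds password_hash() output.
    $stmt = mysqli_prepare($con, "SELECT password_hash FROM users WHERE username = ?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt); // true on a row, null when none matched
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    // Log details server-side; never echo the query or SQL error to the client.
    error_log("login query failed: " . $e->getMessage());
    http_response_code(500);
    exit("Internal error.\n");
}

// The password is checked in PHP against the stored hash, never inside the SQL.
if ($found === true && password_verify($password, $hash)) {
    echo "Logged in!\n";
    echo "Your flag is: ", htmlspecialchars($FLAG), "\n";
} else {
    echo "Login failed.\n";
}
```

The debug branch is dropped on purpose: echoing the final query and SQL error back to the client is what lets someone observe how their input changes the statement.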
