First, sorry if my issue is a duplicate! This is an exercise that I can not solve.
It is an authentication, simply. But the problem is that the application does not check both the password and nickname. A code is worth a thousand words:
if ( isset($_POST) && (!empty($_POST['login'])) && (!empty($_POST['password'])) ) {
$sql = "SELECT password FROM auth WHERE login = '". $_POST["login"] ."'";
$req = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($req) > 0) {
$data = mysql_fetch_assoc($req);
if ($_POST["password"] == $data['password']) {
$_SESSION['logged'] = 1;
header("location:panel.php");
die();
}
}
}
As regards the scheme of the database, all I know is that it has the LOGIN and PASSWORD field and the password is not hashed.
My initial idea is to cut the SELECT and INSERT to add just after my own admin, because I do not see how overstep the query as usual it could be admin'; #
I have try : admin'; INSERT INTO auth (login, password) VALUES ('admin2', 'test');# But.... doesn't work ! Can you help me ?
Thanks.
Aucun commentaire:
Enregistrer un commentaire