I'm learning ethical hacking and now I'm on sql injection topic. I'm also new to SQL and php. Ok, so I have local damn vulnerable website with back-end Linux, MySQL and Apache and now trying to use sql injection to login. The login form is php script, the login page consists of 2 boxes: username and password. I tried adding the "'" sign at the end of password and i do get sql error, so it is probably injectable. Then I tried adding the "' OR 1=1" and "' OR 'a'=a'" at the end of the password, but with not much success. So now I need some help! Any ideas or suggestions will be helpful. The php login code is below:
<?php
require_once 'header.php';
echo "<div class='main'><h3>Please enter your details to log in</h3>";
$error = $user = $pass = "";
// Sanitization is present
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeStringSQL1($_POST['pass']);
if ($user == "" || $pass == "")
$error = "Not all fields were entered<br>";
else
{
$result = queryMySQL("SELECT user,pass FROM members WHERE user='$user' AND pass='$pass'");
if ($result->num_rows == 0)
{
$error = "<span class='error'>Username/Password invalid</span><br><br>";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("You are now logged in. Please <a href='members.php?view=$user'>" . "click here</a> to continue.<br><br>");
}
}
}
echo <<<_END
<form method='post' action='login.php'>$error
<span class='fieldname'>Username</span><input type='text'
maxlength='16' name='user' value='$user'><br>
<span class='fieldname'>Password</span><input type='password'
maxlength='16' name='pass' value='$pass'>
_END;
// End of dummy login.php
?>
<br>
<span class='fieldname'> </span>
<input type='submit' value='Login'>
</form><br></div>
</body>
</html>
Aucun commentaire:
Enregistrer un commentaire