PHP with SQL Injection

Posted by Scott S on Stack Overflow See other posts from Stack Overflow or by Scott S
Published on 2011-01-16T02:47:59Z Indexed on 2011/01/16 2:53 UTC
Read the original article Hit count: 207

Filed under:
|
|

For our first assignment in a System Security class, we have to hack into the professors "cheaply organized" sql database. I know the only user is "admin" and the select statement generated in the php is:

select user_id from user where user_username = 'admin' AND user_password = md5('noob')

I am having a number of problems attempting to bypass the password part of this statement as the professor has some javascript embedded in the page to sanitize the username and password of any non-alphanumeric values. This can be bypassed by turning off javascript :P but any values sent still get cleaned by the operating system (some build of Debian 32-bit). I've seen the code for the login request and it does not escape any characters.

How do I bypass the operating systems escape sequences?

© Stack Overflow or respective owner

Related posts about php

Related posts about sql