PHP with SQL Injection
Posted
by
Scott S
on Stack Overflow
See other posts from Stack Overflow
or by Scott S
Published on 2011-01-16T02:47:59Z
Indexed on
2011/01/16
2:53 UTC
Read the original article
Hit count: 207
For our first assignment in a System Security class, we have to hack into the professors "cheaply organized" sql database. I know the only user is "admin" and the select statement generated in the php is:
select user_id from user where user_username = 'admin' AND user_password = md5('noob')
I am having a number of problems attempting to bypass the password part of this statement as the professor has some javascript embedded in the page to sanitize the username and password of any non-alphanumeric values. This can be bypassed by turning off javascript :P but any values sent still get cleaned by the operating system (some build of Debian 32-bit). I've seen the code for the login request and it does not escape any characters.
How do I bypass the operating systems escape sequences?
© Stack Overflow or respective owner