baby sql

CHALLENGE DESCRIPTION

I heard that `*real_escape_string()` functions protect you from malicious user input inside SQL statements, I hope you can't prove me wrong...

Source Code

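```php
<?php require 'config.php';

class db extends Connection {
    // Every argument after $sql is passed to vsprintf(), with $sql as the format string.
    public function query($sql) {
        $args = func_get_args();
        unset($args[0]);
        return parent::query(vsprintf($sql, $args));
    }
}

$db = new db();

if (isset($_POST['pass'])) {
    // addslashes() backslash-escapes quotes, backslashes and NUL bytes.
    $pass = addslashes($_POST['pass']);
    // $pass is interpolated into the string that db::query() hands to vsprintf() as its format.
    $db->query("SELECT * FROM users WHERE password=('$pass') AND username=('%s')", 'admin');
} else {
    die(highlight_file(__FILE__,1));
}
```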

Vulnerable Code Analysis
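
In the source above, `$pass` becomes part of the string that `vsprintf()` treats as its format, after `addslashes()` has already run. The hardened counterpart below is an added example, not the challenge's code: it keeps the same query shape but binds both values to a constant SQL statement. The `pdo_sqlite` driver, the `users` table layout, the sample row and the names `make_db()` and `check_login()` are assumptions.

```php
<?php
// Added example, not the challenge's code. Assumes the pdo_sqlite extension;
// the table, sample row and function names are constructed for illustration.

function make_db(): PDO {
    $pdo = new PDO('sqlite::memory:', null, null,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $ins->execute(['admin', 'constructed-sample-password']);
    return $pdo;
}

function check_login(PDO $pdo, string $username, string $pass): bool {
    // The SQL text is a constant: no sprintf()-style formatting and no string
    // interpolation, so input cannot change the structure of the statement.
    // The plain comparison mirrors the challenge's query; production systems
    // store password hashes and verify them with password_verify().
    $stmt = $pdo->prepare(
        'SELECT 1 FROM users WHERE password = :pass AND username = :user'
    );
    // Values travel separately from the SQL text as bound parameters.
    $stmt->execute([':pass' => $pass, ':user' => $username]);
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

$pdo = make_db();

// Constructed sample inputs.
$samples = [
    'constructed-sample-password',  // the stored value
    'wrong-password',               // a different value
    "100%s 'quoted' \\ text",       // format and quote characters, bound as plain data
];

foreach ($samples as $pass) {
    printf("%-34s => %s\n", var_export($pass, true),
        check_login($pdo, 'admin', $pass) ? 'match' : 'no match');
}
```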
