Questions  |  score: 3  |  3.81 5.35 5.20 |  Solved By 781 People  |  71393 views  |  since May 30, 2009 - 04:33:53

PHP 0815 (Exploit, PHP)

PHP 0815 Challenge
I have this script and it's prone to SQL injection.
Your mission is to provide me with a fix.
The solution is the fix with the least effort (the shortest way to fix it at some logic position), and it must guarantee the script still works.
If you think "urldecode()" will fix the script, you simply enter it as the solution.
The solution has to contain all the characters that you need to type.
Feel free to discuss it in the forums, it's kind of a training challenge :)
PHP code
<?php
# Only allow these ID's
$whitelist = array(1, 2, 3);

# if show is not set die with error.
if (false === ($show = isset($_GET['show']) ? $_GET['show'] : false)) {
    die('MISSING PARAMETER; USE foo.bar?show=[1-3]');
}
# check if get var is sane (is it in whitelist ?)
elseif (in_array($show, $whitelist))
{
    $query = "SELECT 1 FROM `table` WHERE `id`=$show";
    echo 'Query: '.htmlspecialchars($query, ENT_QUOTES).'<br/>';
    die('SHOWING NUMBER '.htmlspecialchars($show, ENT_QUOTES));
}
else # Not in whitelist !
{
    die('HACKER NONONO');
}
?>
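Why the whitelist check does not hold: in_array() compares loosely by default, and before PHP 8 a string such as "1 OR 1=1" compared against the integer 1 is converted to its leading number, so it passes and reaches the query unchanged. The following is an added illustration, not the challenge's code or its expected answer; checked_id() is a hypothetical helper and the sample inputs are constructed, and the "loose" column depends on the PHP version it runs under.

```php
<?php
// Added illustration: compare the challenge's check with a validate-then-compare check.
$whitelist = array(1, 2, 3);

// Constructed samples of what $_GET['show'] could contain (always strings).
$samples = array('2', '4', '1 OR 1=1', '2abc');

// Hypothetical helper: accept only a well-formed integer that is in the whitelist.
function checked_id($show, array $whitelist)
{
    // FILTER_VALIDATE_INT returns an int on success and false otherwise.
    $id = filter_var($show, FILTER_VALIDATE_INT);
    if ($id === false || !in_array($id, $whitelist, true)) {
        return null;
    }
    return $id; // an int, so nothing but digits can reach the query
}

foreach ($samples as $show) {
    // The challenge's check: loose comparison of a string against ints.
    $loose = in_array($show, $whitelist);
    // Strict comparison on the raw string never matches an int whitelist,
    // so adding only the third argument would reject valid requests too.
    $strictRaw = in_array($show, $whitelist, true);
    $id = checked_id($show, $whitelist);

    printf(
        "%-12s loose=%-5s strict_raw=%-5s checked=%s\n",
        var_export($show, true),
        var_export($loose, true),
        var_export($strictRaw, true),
        $id === null ? 'rejected' : "SELECT 1 FROM `table` WHERE `id`=$id"
    );
}
```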
© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 and 2018 by Gizmore