Username: 
Password: 
Restrict session to IP 
Questions  |  score: 4  |  5.43 7.24 6.54 |  Solved By 783 People  |  263146 views  |  since Aug 29, 2009 - 22:22:18

Addslashes (Exploit, PHP, MySQL)

Your mission is to login as Admin.
You are given the source of the login script also as highlighted version.

Good Luck.
GeSHi`ed php code for addslashes.include
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
<?php
function asvsmysql_login($username, $password)
{
        $username = addslashes($username);
        $password = md5($password);        
        if (false === ($db = gdo_db_instance('localhost', ADDSLASH_USERNAME, ADDSLASH_PASSWORD, ADDSLASH_DATABASE, GWF_DB_TYPE, 'GBK'))) {
                return htmlDisplayError('Can`t connect to database.');
        }
         $db->setLogging(false);
        $db->setEMailOnError(false);
        
        $query = "SELECT username FROM users WHERE username='$username' AND password='$password'";
                if (false === ($result = $db->queryFirst($query))) {
                return htmlDisplayError('Wrong username/password.');
        }
        
        if ($result['username'] !== 'Admin') {                return htmlDisplayError('You are logged in, but not as Admin.');
        }
        
        return htmlDisplayMessage('You are logged in. congrats!');
}?>

欢迎登录页面

请登录

用户名:
密码:

© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 and 2020 by Gizmore