Inj3ction
Challenge
You can do it. Link
Hint: I’m pretty sure there isn’t even an account that is an admin.
Solution
Another SQL injection challenge; this time we are given the source:
<?php
include("flag.php");
$con = mysqli_connect("localhost", "injection3", "injection3", "injection3");
$username = $_POST["username"];
$password = $_POST["password"];
// The POSTed username is interpolated directly into the SQL string.
$query = "SELECT * FROM users WHERE username='$username'";
$result = mysqli_query($con, $query);
$logged_in = false;
// Exactly one matching row is required before any further check runs.
if(mysqli_num_rows($result) === 1) {
    $row = mysqli_fetch_array($result);
    if($row["password"] === $password){
        $logged_in = true;
        if($row["is_admin"] === true){
            echo("<h1>Wow! Your flag is: $flag </h1>");
        }
    }
}
if(!$logged_in){
    echo("<h1>You failed!</h1>");
}
?>
From the hint, it would seem we do not need to pass all the checks, but rather get the program to output the $flag variable for us.
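A hardened form of the login check above, as an added example that is not part of the original writeup or the challenge's code: the username is bound as a statement parameter instead of being interpolated into the query. It assumes the users table from the source, a password column holding password_hash() output, and the mysqlnd driver for mysqli_stmt_get_result().

```php
<?php
// Added example: hardened variant of the challenge's login check.
include("flag.php");

// Make mysqli throw on errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = mysqli_connect("localhost", "injection3", "injection3", "injection3");

$username = $_POST["username"] ?? "";
$password = $_POST["password"] ?? "";

// POST fields can arrive as arrays; accept plain strings only.
if (!is_string($username) || !is_string($password)) {
    http_response_code(400);
    exit("<h1>You failed!</h1>");
}

// The SQL text is fixed; the username travels separately as bound data,
// so quotes or SQL keywords in it cannot change the statement.
// Naming the columns (instead of SELECT *) fixes the shape of the row.
$stmt = mysqli_prepare($con, "SELECT password, is_admin FROM users WHERE username = ?");
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt); // requires mysqlnd

$logged_in = false;
if (mysqli_num_rows($result) === 1) {
    $row = mysqli_fetch_assoc($result);
    // Assumption: the column stores password_hash() output, not plaintext.
    if (password_verify($password, $row["password"])) {
        $logged_in = true;
        // mysqli never returns a PHP bool for a column value, so compare
        // the integer value rather than using === true.
        if ((int)$row["is_admin"] === 1) {
            echo "<h1>Wow! Your flag is: " . htmlspecialchars($flag) . " </h1>";
        }
    }
}
if (!$logged_in) {
    echo "<h1>You failed!</h1>";
}
```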
Flag