sol4r

vulnerable.c

Jan 24th, 2024 (edited)
  1. admin' OR '1'='1'; --
  2. sudo apt update
  3. sudo apt install apache2 php libapache2-mod-php
  4. sudo a2enmod php7.x # Replace '7.x' with your PHP version
  5. sudo service apache2 restart
  6. //////////////////////////////////////
  7.  
  8. sudo apt-get install libapache2-mod-php
  9. sudo systemctl restart apache2
  10. sudo nano /etc/apache2/sites-available/000-default.conf
  11.  
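  12. AddType application/x-httpd-php .php
      # Note: the libapache2-mod-php package already enables a <FilesMatch> + SetHandler rule for .php files, so this line is normally unnecessary. AddType can also apply to names where .php is not the final extension (e.g. notes.php.bak), so prefer the packaged FilesMatch rule on any site that stores user-supplied files.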
  13. //////////////////////////////////////
  14. sudo tail -f /var/log/apache2/error.log
  15. /////////////////////////////////////
  16. //sql injection
  17. HTML:
  <!DOCTYPE html>
  <html lang="en">
    <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <title>SQL Injection Challenge</title>
    </head>
    <body>

      <h2>Login Page</h2>

      <!--
        Credentials are POSTed to login.php. The "required" attributes are
        enforced by the browser only; a request sent without the form can omit
        either field, so the server-side handler must not assume both are set.
      -->
      <form action="login.php" method="POST">
        <label for="username">Username:</label>
        <input type="text" id="username" name="username" required>

        <br>

        <label for="password">Password:</label>
        <input type="password" id="password" name="password" required>

        <br>

        <input type="submit" value="Login">
      </form>

      <!-- Exercise brief shown to the participant. -->
      <p>Hint: The login page is intentionally vulnerable to SQL injection. Your goal is to bypass authentication and access the admin panel.</p>

    </body>
  </html>
  46.  
  47.  
  48.  
  49. PHP:
  50. <?php
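  // Login handler for the SQL injection training page; runs only on form submission.
  // REQUEST_METHOD is not set under the CLI, hence the null-coalescing default.
  if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
      // The HTML "required" attribute is enforced by the browser only, so a direct
      // request can omit a field or send it as an array (username[]=...). Both cases
      // are normalised to an empty string instead of raising undefined-index and
      // array-to-string notices, which disclose file paths when display_errors is on.
      $username = is_string($_POST["username"] ?? null) ? $_POST["username"] : "";
      $password = is_string($_POST["password"] ?? null) ? $_POST["password"] : "";

      // DELIBERATELY VULNERABLE (this is the exercise): request values are
      // concatenated into the SQL text, so a quote character in either field
      // changes the structure of the statement rather than just its data.
      // Outside a lab, bind the values with a prepared statement (PDO::prepare()
      // with placeholders) and verify the password against a password_hash()
      // digest instead of selecting on a stored plaintext password.
      $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";

      // No database is involved: executeQuery() only inspects the query text.
      $result = executeQuery($query);

      if ($result) {
          // These values come from the simulated row, not from the request, but
          // they are still escaped for the HTML context so the template stays
          // safe if the data source is ever replaced by a real table.
          $shownUsername = htmlspecialchars($result['username'], ENT_QUOTES, 'UTF-8');
          $shownPassword = htmlspecialchars($result['password'], ENT_QUOTES, 'UTF-8');

          echo "<p>Welcome, {$shownUsername}! Here are your details:</p>";
          echo "<p>Username: {$shownUsername}</p>";
          // Echoing a stored password is part of the exercise (it is the data the
          // participant is meant to recover); real applications never store or
          // display plaintext passwords.
          echo "<p>Password: <strong>{$shownPassword}</strong></p>";

          // The flag is released only when the submitted fields equal the stored
          // credentials exactly. A request that merely gets past the query check
          // does not satisfy this comparison; it only reveals the password above.
          if ($username === "admin" && $password === "admin123") {
              echo "<p style='color:green;'>Flag: {FLAG_HERE}</p>";
          }
      } else {
          echo "<p>Invalid username or password</p>";
      }
  }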
  75.  
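  /**
   * Simulated query executor for the training page; no database is contacted.
   *
   * The only "row" is a hard-coded admin account. It is returned when the query
   * text is the exact login query for the stored credentials, or when the text
   * contains OR as a standalone word, which stands in for a condition injected
   * into the WHERE clause.
   *
   * @param string $query SQL text built by the caller.
   * @return array|false The simulated user row, or false when nothing matches.
   */
  function executeQuery($query) {
      $simulatedUser = ['username' => 'admin', 'password' => 'admin123'];

      // Anything that is not a string cannot be a query built by the login handler.
      if (!is_string($query)) {
          return false;
      }

      // Legitimate login: the query the handler builds for the stored credentials.
      // This mirrors the handler's query format, so the two must be kept in sync.
      $expected = "SELECT * FROM users WHERE username = '{$simulatedUser['username']}'"
          . " AND password = '{$simulatedUser['password']}'";
      if ($query === $expected) {
          return $simulatedUser;
      }

      // A bare stripos($query, 'OR') also matches the "or" inside "password", so it
      // was true for every query the login handler builds and no login could fail.
      // Word boundaries restrict the match to OR as its own token. This is still a
      // text heuristic, not SQL parsing: a field value that is literally the word
      // "or" matches as well.
      if (preg_match('/\bOR\b/i', $query) === 1) {
          return $simulatedUser;
      }

      return false;
  }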
  89. ?>
  90.  