- admin' OR '1'='1'; --
# Lab setup notes (Debian/Ubuntu style): install Apache with mod_php to host the login exercise below.
# NOTE(review): the application served by this setup is intentionally vulnerable; keep Apache
# bound to localhost or an isolated lab network rather than a reachable interface.
- sudo apt update
- sudo apt install apache2 php libapache2-mod-php
- sudo a2enmod php7.x # Replace '7.x' with your PHP version
- sudo service apache2 restart
- //////////////////////////////////////
# Second group: same module package as above, followed by a manual edit of the default vhost.
- sudo apt-get install libapache2-mod-php
- sudo systemctl restart apache2
- sudo nano /etc/apache2/sites-available/000-default.conf
# NOTE(review): AddType maps by extension anywhere in a file name (e.g. name.php.jpg); the PHP
# manual recommends a <FilesMatch \.php$> block with SetHandler instead, and the packaged
# mod_php configuration typically already handles .php, so this line may be unnecessary.
- AddType application/x-httpd-php .php
- //////////////////////////////////////
# Follow the Apache error log while testing; PHP warnings and notices are reported here.
- sudo tail -f /var/log/apache2/error.log
- /////////////////////////////////////
- //sql injection
- HTML:
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>SQL Injection Challenge</title>
  </head>
  <body>
    <h2>Login Page</h2>

    <!-- Both fields are submitted to login.php in the POST body. -->
    <!-- "required" is enforced by the browser only; login.php still has to
         cope with missing or malformed fields sent by other clients. -->
    <form action="login.php" method="POST">
      <label for="username">Username:</label>
      <input type="text" id="username" name="username" required>
      <br>
      <label for="password">Password:</label>
      <input type="password" id="password" name="password" required>
      <br>
      <input type="submit" value="Login">
    </form>

    <!-- Exercise hint shown to the participant. -->
    <p>Hint: The login page is intentionally vulnerable to SQL injection. Your goal is to bypass authentication and access the admin panel.</p>
  </body>
</html>
- PHP:
- <?php
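// Login handler for the SQL injection training exercise.
// It builds a query from the submitted form fields, hands it to executeQuery()
// (a simulation, no database is contacted) and renders the outcome.
if (($_SERVER["REQUEST_METHOD"] ?? "") === "POST") {
    // The HTML "required" attribute is only a browser-side check. A hand-made
    // request can omit a field or send it as an array (username[]=x), which
    // would raise PHP warnings and interpolate a bogus value into the query,
    // so anything that is not a string is treated as an empty value.
    $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    // INTENTIONALLY VULNERABLE (this is the point of the exercise): request
    // data is concatenated straight into the SQL text, so the input can change
    // the structure of the statement. Production code must use a prepared
    // statement with bound parameters, e.g.
    //   $stmt = $pdo->prepare('SELECT * FROM users WHERE username = ? AND password_hash = ?');
    // and verify the password with password_verify() instead of comparing it in SQL.
    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";

    // Simulated execution: returns the matching row as an array, or false.
    $result = executeQuery($query);

    if ($result) {
        // Escape row values before writing them into HTML. The simulated row is
        // constant today, but a real database row is attacker-influenced data.
        $shownUser = htmlspecialchars((string) $result['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $shownPass = htmlspecialchars((string) $result['password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

        echo "<p>Welcome, {$shownUser}! Here are your details:</p>";
        echo "<p>Username: {$shownUser}</p>";
        // The exercise discloses the stored password in clear text on purpose;
        // a real application stores only password_hash() output and never echoes it.
        echo "<p>Password: <strong>{$shownPass}</strong></p>";

        // The flag is gated on the literal credentials, not on the injection
        // itself: a username carrying an injected clause never equals "admin".
        // NOTE(review): the earlier comment described this as an injection
        // check - confirm the intended flow is "leak the credentials above,
        // then log in with them".
        if ($username === "admin" && $password === "admin123") {
            echo "<p style='color:green;'>Flag: {FLAG_HERE}</p>";
        }
    } else {
        echo "<p>Invalid username or password</p>";
    }
}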
- // Simulated function to execute the query (for educational purposes only)
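/**
 * Simulate running the login query against a one-row `users` table.
 *
 * No database is contacted. The function inspects the SQL text and returns the
 * single simulated row when the query would plausibly match it:
 *   - the query carries the genuine credentials, or
 *   - an OR keyword appears outside of quoted string literals, i.e. the
 *     WHERE clause has been structurally altered by the input.
 *
 * The previous implementation searched for the substring 'OR' anywhere in the
 * query. The query template itself contains the word "password", so that test
 * was always true and every request was treated as a successful login.
 *
 * @param string $query SQL text built by the caller.
 * @return array|false The simulated user row, or false when nothing matches.
 */
function executeQuery($query) {
    // The only account that exists in this simulation.
    $simulatedUser = ['username' => 'admin', 'password' => 'admin123'];

    // Genuine login: the WHERE clause names the real username and password.
    $validClause = "username = '{$simulatedUser['username']}' AND password = '{$simulatedUser['password']}'";
    if (strpos($query, $validClause) !== false) {
        return $simulatedUser;
    }

    // Blank out quoted literals so that an "or" typed as plain data (for
    // example a password of 'or') is not mistaken for an SQL keyword.
    $outsideLiterals = preg_replace("/'[^']*'/", "''", $query) ?? $query;

    // Word boundaries keep identifiers such as "password" from matching.
    // This is a coarse teaching heuristic, not an SQL parser.
    if (preg_match('/\bOR\b/i', $outsideLiterals) === 1) {
        return $simulatedUser;
    }

    return false;
}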
- ?>