forked from Audi-1/sqli-labs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding challenge Less 54,55,56,57,58,59,60,61,62
- Loading branch information
Showing
44 changed files
with
2,793 additions
and
223 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,220 @@ | ||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | ||
<html xmlns="http://www.w3.org/1999/xhtml"> | ||
<head> | ||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | ||
<title>Less-54:Challenge-1</title> | ||
</head> | ||
|
||
<body bgcolor="#000000"> | ||
<div style ="text-align:right"> | ||
<form action="" method="post"> | ||
<input type="submit" name="reset" value="Reset the Challenge!" /> | ||
</form> | ||
</div> | ||
</right> | ||
<div style=" margin-top:20px;color:#FFF; font-size:23px; text-align:center">Welcome <font color="#FF0000"> Dhakkan </font><br> | ||
<font size="3" color="#FFFF00"> | ||
|
||
|
||
|
||
<?php | ||
//including the Mysql connect parameters. | ||
include("../sql-connections/sql-connect.php"); | ||
|
||
|
||
|
||
|
||
//Creating dynamic string for challenge password | ||
function passwd_gen() | ||
{ | ||
$characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; | ||
$string_length = 24; | ||
$string = ''; | ||
for ($i = 0; $i < $string_length; $i++) | ||
{ | ||
$string .= $characters[rand(0, strlen($characters) - 1)]; | ||
} | ||
//echo $string; | ||
return $string; | ||
} | ||
|
||
|
||
//Updating the counter for Attempts at solving problem. | ||
function next_tryy() | ||
{ | ||
//including the Mysql connect parameters. | ||
include("../sql-connections/sql-connect.php"); | ||
$sql = "UPDATE challenge1 SET tryy=tryy+1 WHERE id=1"; | ||
mysql_query($sql); | ||
} | ||
|
||
function view_attempts() | ||
{ | ||
include("../sql-connections/sql-connect.php"); | ||
$sql="SELECT tryy FROM challenge1 WHERE id=1"; | ||
$result=mysql_query($sql); | ||
$row = mysql_fetch_array($result); | ||
return $row[0]; | ||
|
||
} | ||
|
||
|
||
|
||
// Submitting the final answer | ||
if(!isset($_POST['answer_key'])) | ||
{ | ||
|
||
|
||
// resetting the challenge and repopulating the table Challenge1. | ||
if(isset($_POST['reset'])) | ||
{ | ||
setcookie('challenge1', ' ', time() - 3600000); | ||
echo "<font size=4>You have reset the Challenge</font><br>\n"; | ||
echo "Redirecting you to main challenge page..........\n"; | ||
header( "refresh:4;url=index.php" ); | ||
//echo "cookie expired"; | ||
|
||
} | ||
else | ||
{ | ||
|
||
|
||
// Checking the cookie on the page and populate the table with random value. | ||
if(isset($_COOKIE['challenge1'])) | ||
{ | ||
$sessid=$_COOKIE['challenge1']; | ||
//echo "Cookie value: ".$sessid; | ||
} | ||
else | ||
{ | ||
$expire = time()+60*60*24*30; | ||
$hash = md5(rand(0,100000)); | ||
setcookie("challenge1", $hash, $expire); | ||
//echo "New Cookie : " . $hash . "<br>"; | ||
$passwd = passwd_gen(); | ||
//echo "Password : ".$passwd; | ||
$sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; | ||
mysql_query($sql); | ||
} | ||
|
||
echo "<br>\n"; | ||
|
||
// take the variables | ||
if(isset($_GET['id'])) | ||
{ | ||
$id=$_GET['id']; | ||
|
||
//logging the connection parameters to a file for analysis. | ||
$fp=fopen('result.txt','a'); | ||
fwrite($fp,'ID:'.$id."\n"); | ||
fclose($fp); | ||
|
||
|
||
//update the counter in database | ||
next_tryy(); | ||
|
||
//Display attempts on screen. | ||
$tryyy = view_attempts(); | ||
echo "You have made : ". $tryyy ." of 10 attempts"; | ||
echo "<br><br><br>\n"; | ||
|
||
|
||
//Reset the Database if you exceed allowed attempts. | ||
if($tryyy == 11) | ||
{ | ||
setcookie('challenge1', ' ', time() - 3600000); | ||
echo "<font size=4>You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset </font><br>\n"; | ||
echo "Redirecting you to challenge page..........\n"; | ||
header( "refresh:4;url=index.php" ); | ||
echo "<br>"; | ||
} | ||
|
||
|
||
|
||
// Querry DB to get the correct output | ||
$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1"; | ||
$result=mysql_query($sql); | ||
$row = mysql_fetch_array($result); | ||
|
||
if($row) | ||
{ | ||
echo '<font color= "#00FFFF">'; | ||
echo 'Your Login name:'. $row['username']; | ||
echo "<br>"; | ||
echo 'Your Password:' .$row['password']; | ||
echo "</font>"; | ||
} | ||
else | ||
{ | ||
echo '<font color= "#FFFF00">'; | ||
// print_r(mysql_error()); | ||
echo "</font>"; | ||
} | ||
} | ||
else | ||
{ | ||
echo "Please input the ID as parameter with numeric value as done in Lab excercises\n<br><br>\n</font>"; | ||
echo "<font color='#00FFFF': size=3>The objective of this challenge is to dump the secret key from table <b><i>Challenge1</i></b> in Less than 10 attempts"; | ||
} | ||
|
||
} | ||
|
||
|
||
?> | ||
</font> </div></br></br></br><center> | ||
<img src="../images/Less-54.jpg" /> | ||
</center> | ||
<br><br><br> | ||
<div style=" color:#00FFFF; font-size:18px; text-align:center"> | ||
<form name="input" action="" method="post"> | ||
Submit Secret Key: <input type="text" name="key"> | ||
<input type="submit" name = "answer_key" value="Submit"> | ||
</form> | ||
</div> | ||
|
||
|
||
<?php | ||
|
||
} | ||
|
||
else | ||
{ | ||
echo '<div style=" color:#00FFFF; font-size:18px; text-align:center">'; | ||
$key = addslashes($_POST['key']); | ||
$key = mysql_real_escape_string($key); | ||
//echo $key; | ||
//Query table to verify your result | ||
$sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; | ||
$result=mysql_query($sql); | ||
$row = mysql_fetch_array($result); | ||
|
||
if($row) | ||
{ | ||
echo '<font color= "#FFFF00">'; | ||
echo "\n<br><br><br>"; | ||
echo '<img src="../images/Less-54-1.jpg" />'; | ||
echo "</font>"; | ||
} | ||
else | ||
{ | ||
echo '<font color= "#FFFF00">'; | ||
echo "\n<br><br><br>"; | ||
echo '<img src="../images/slap1.jpg" />'; | ||
header( "refresh:3;url=index.php" ); | ||
//print_r(mysql_error()); | ||
echo "</font>"; | ||
} | ||
|
||
|
||
} | ||
|
||
?> | ||
|
||
</body> | ||
</html> | ||
|
||
|
||
|
||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
ID:1 | ||
ID:10 | ||
ID:-1' union select 1,2,3 -- | ||
ID:1' | ||
ID:1 | ||
ID:1 | ||
ID:1 | ||
ID:1 | ||
ID:1 | ||
ID:1 | ||
ID:1 | ||
ID:1 | ||
ID:1 |
Oops, something went wrong.