Adding modules 36,37 on mysql_real_escape_string bypass
Showing
14 changed files
with
585 additions
and
9 deletions.
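--- /dev/null
+++ b/<path-not-shown-on-page-1>
@@ -0,0 +1,97 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Less-32 **Bypass addslashes()**</title>
+</head>
+
+<body bgcolor="#000000">
+<div style=" margin-top:70px;color:#FFF; font-size:23px; text-align:center">Welcome <font color="#FF0000"> Dhakkan </font><br>
+<font size="5" color="#00FF00">
+
+
+<?php
+//including the Mysql connect parameters.
+include("../sql-connections/sql-connect.php");
+
+function check_addslashes($string)
+{
+$string = preg_replace('/'. preg_quote('\\') .'/', "\\\\\\", $string); //escape any backslash
+$string = preg_replace('/\'/i', '\\\'', $string); //escape single quote with a backslash
+$string = preg_replace('/\"/', "\\\"", $string); //escape double quote with a backslash
+
+
+return $string;
+}
+
+// take the variables
+if(isset($_GET['id']))
+{
+$id=check_addslashes($_GET['id']);
+//echo "The filtered request is :" .$id . "<br>";
+
+//logging the connection parameters to a file for analysis.
+$fp=fopen('result.txt','a');
+fwrite($fp,'ID:'.$id."\n");
+fclose($fp);
+
+// connectivity
+
+mysql_query("SET NAMES gbk");
+$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+if($row)
+{
+echo '<font color= "#00FF00">';
+echo 'Your Login name:'. $row['username'];
+echo "<br>";
+echo 'Your Password:' .$row['password'];
+echo "</font>";
+}
+else
+{
+echo '<font color= "#FFFF00">';
+print_r(mysql_error());
+echo "</font>";
+}
+}
+else { echo "Please input the ID as parameter with numeric value";}
+
+
+
+?>
+</font> </div></br></br></br><center>
+<img src="../images/Less-32.jpg" />
+</br>
+</br>
+</br>
+</br>
+</br>
+<font size='4' color= "#33FFFF">
+<?php
+
+function strToHex($string)
+{
+$hex='';
+for ($i=0; $i < strlen($string); $i++)
+{
+$hex .= dechex(ord($string[$i]));
+}
+return $hex;
+}
+echo "Hint: The Query String you input is escaped as : ".$id ."<br>";
+echo "The Query String you input in Hex becomes : ".strToHex($id). "<br>";
+
+?>
+</center>
+</font>
+</body>
+</html>
+
+
+
+
+
+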
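Review bot: `strToHex` builds the hint with `dechex(ord($string[$i]))`, which drops the leading zero for any byte below 0x10, so the printed hex is ambiguous — the two bytes 0x0a 0x01 print as `a1`, the same as the single byte 0xa1; `return bin2hex($string);` gives fixed two-digit output and removes the loop. The same helper is duplicated in the Less-36 file of this commit with the same defect. `$id` is also read in the hint block after the image, outside the `isset($_GET['id'])` guard, so a request without `id` raises an undefined-variable notice there, and it is reflected into the HTML without `htmlspecialchars($id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; the lesson is about the SQL-side escaping, so the HTML-context escaping of the echoed value should still be applied. The title says Less-32 while the commit message names modules 36 and 37, which looks like a copied file whose path is not visible here.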
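--- /dev/null
+++ b/<path-not-shown-on-page-2>
@@ -0,0 +1,91 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Less-36 **Bypass MySQL Real Escape String**</title>
+</head>
+
+<body bgcolor="#000000">
+<div style=" margin-top:70px;color:#FFF; font-size:23px; text-align:center">Welcome <font color="#FF0000"> Dhakkan </font><br>
+<font size="5" color="#00FF00">
+
+
+<?php
+//including the Mysql connect parameters.
+include("../sql-connections/sql-connect.php");
+
+function check_quotes($string)
+{
+$string= mysql_real_escape_string($string);
+return $string;
+}
+
+// take the variables
+if(isset($_GET['id']))
+{
+$id=check_quotes($_GET['id']);
+//echo "The filtered request is :" .$id . "<br>";
+
+//logging the connection parameters to a file for analysis.
+$fp=fopen('result.txt','a');
+fwrite($fp,'ID:'.$id."\n");
+fclose($fp);
+
+// connectivity
+
+mysql_query("SET NAMES gbk");
+$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+if($row)
+{
+echo '<font color= "#00FF00">';
+echo 'Your Login name:'. $row['username'];
+echo "<br>";
+echo 'Your Password:' .$row['password'];
+echo "</font>";
+}
+else
+{
+echo '<font color= "#FFFF00">';
+print_r(mysql_error());
+echo "</font>";
+}
+}
+else { echo "Please input the ID as parameter with numeric value";}
+
+
+
+?>
+</font> </div></br></br></br><center>
+<img src="../images/Less-36.jpg" />
+</br>
+</br>
+</br>
+</br>
+</br>
+<font size='4' color= "#33FFFF">
+<?php
+function strToHex($string)
+{
+$hex='';
+for ($i=0; $i < strlen($string); $i++)
+{
+$hex .= dechex(ord($string[$i]));
+}
+return $hex;
+}
+echo "Hint: The Query String you input is escaped as : ".$id ."<br>";
+echo "The Query String you input in Hex becomes : ".strToHex($id);
+?>
+</center>
+</font>
+</body>
+</html>
+
+
+
+
+
+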
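Review bot: Nothing in the file records that the `mysql_query("SET NAMES gbk")` before the query is the deliberate weak point of this lesson, so a later maintainer reading `check_quotes()` next to it will "fix" one or the other and silently break module 36. Add a comment on that line, e.g. `// Intentional for this lesson: the connection charset is switched with SET NAMES rather than mysql_set_charset(), so the escaping in check_quotes() is computed against a charset the server no longer parses the query with.` The `$fp=fopen('result.txt','a')` result is used without checking for `false`, and the file sits next to the script with a relative path, so a read-only or differently-rooted deployment turns the `fwrite` into warnings on every request. The `strToHex` helper and the unguarded `$id` echo at the bottom have the same problems noted on the first file in this commit.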
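--- /dev/null
+++ b/<path-not-shown-on-page-3>
@@ -0,0 +1,120 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Less-37- MySQL_real_escape_string</title>
+</head>
+
+<body bgcolor="#000000">
+<div style=" margin-top:20px;color:#FFF; font-size:24px; text-align:center"> Welcome <font color="#FF0000"> Dhakkan </font><br></div>
+
+<div align="center" style="margin:40px 0px 0px 520px;border:20px; background-color:#0CF; text-align:center; width:400px; height:150px;">
+
+<div style="padding-top:10px; font-size:15px;">
+
+
+<!--Form to post the data for sql injections Error based SQL Injection-->
+<form action="" name="form1" method="post">
+<div style="margin-top:15px; height:30px;">Username : 
+<input type="text" name="uname" value=""/>
+</div>
+<div> Password : 
+<input type="text" name="passwd" value=""/>
+</div></br>
+<div style=" margin-top:9px;margin-left:90px;">
+<input type="submit" name="submit" value="Submit" />
+</div>
+</form>
+
+</div>
+</div>
+<div style=" margin-top:10px;color:#FFF; font-size:23px; text-align:center">
+<font size="3" color="#FFFF00">
+<center>
+<br>
+<br>
+<br>
+<img src="../images/Less-37.jpg" />
+</center>
+
+<?php
+//including the Mysql connect parameters.
+include("../sql-connections/sql-connect.php");
+
+
+// take the variables
+if(isset($_POST['uname']) && isset($_POST['passwd']))
+{
+$uname1=$_POST['uname'];
+$passwd1=$_POST['passwd'];
+
+//echo "username before addslashes is :".$uname1 ."<br>";
+//echo "Input password before addslashes is : ".$passwd1. "<br>";
+
+//logging the connection parameters to a file for analysis.
+$fp=fopen('result.txt','a');
+fwrite($fp,'User Name:'.$uname1);
+fwrite($fp,'Password:'.$passwd1."\n");
+fclose($fp);
+
+$uname = mysql_real_escape_string($uname1);
+$passwd= mysql_real_escape_string($passwd1);
+
+//echo "username after addslashes is :".$uname ."<br>";
+//echo "Input password after addslashes is : ".$passwd;
+
+// connectivity
+mysql_query("SET NAMES gbk");
+@$sql="SELECT username, password FROM users WHERE username='$uname' and password='$passwd' LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+if($row)
+{
+//echo '<font color= "#0000ff">';
+
+echo "<br>";
+echo '<font color= "#FFFF00" font size = 4>';
+//echo " You Have successfully logged in\n\n " ;
+echo '<font size="3" color="#0000ff">';
+echo "<br>";
+echo 'Your Login name:'. $row['username'];
+echo "<br>";
+echo 'Your Password:' .$row['password'];
+echo "<br>";
+echo "</font>";
+echo "<br>";
+echo "<br>";
+echo '<img src="../images/flag.jpg" />';
+
+echo "</font>";
+}
+else
+{
+echo '<font color= "#0000ff" font size="3">';
+//echo "Try again looser";
+print_r(mysql_error());
+echo "</br>";
+echo "</br>";
+echo "</br>";
+echo '<img src="../images/slap.jpg" />';
+echo "</font>";
+}
+}
+
+?>
+
+</br>
+</br>
+</br>
+<font size='4' color= "#33FFFF">
+<?php
+
+echo "Hint: The Username you input is escaped as : ".$uname ."<br>";
+echo "Hint: The Password you input is escaped as : ".$passwd ."<br>";
+?>
+
+</font>
+</div>
+</body>
+</html>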
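Review bot: The `@` in `@$sql="SELECT username, password FROM users WHERE ..."` suppresses diagnostics on a plain string assignment; both interpolated variables are assigned a few lines above, so it hides nothing and should be dropped: `$sql="SELECT username, password FROM users WHERE username='$uname' and password='$passwd' LIMIT 0,1";`. The hint block after the closing `?>` echoes `$uname` and `$passwd` outside the `isset($_POST['uname']) && isset($_POST['passwd'])` guard, so the initial GET of the form page produces undefined-variable notices, and both values are reflected into the HTML unescaped — the hint should use `htmlspecialchars($uname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (and the same for `$passwd`) so the page demonstrates only the SQL-side escaping it is about. `fwrite($fp,'User Name:'.$uname1)` and the following line append the submitted username and password in clear text, with no separator between them and no check that `fopen('result.txt','a')` succeeded, to a file beside the script; even for a lab, a header comment saying the file logs credentials and where it lands would help whoever deploys it.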