Commit b0a4372

Update solution.md
1 parent 497ffbd commit b0a4372

1 file changed

+11
-0
lines changed

tamuctf2018/sql/solution.md

@@ -2,3 +2,14 @@
22

33
> I created a login form for my web page. Somehow people are logging in as admin without my password though!
44
Can you fix my login code for me?
5+
6+
Simple SQL injection attack bypassing auththentication. Use real_escape_string to sanitise input.
7+
8+
Changes:
9+
```
10+
16 - $user = $_POST['username'];
11+
17 - $pass = $_POST['password'];
12+
16 + $user = $conn->real_escape_string($_POST['username']);
13+
17 + $pass = $conn->real_escape_string($_POST['password']);
14+
```
15+
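Review bot: the replacement lines 16 and 17 depend on how `$user` and `$pass` are used afterwards, which this diff does not show. `real_escape_string` only prevents the injection when both values are interpolated inside quoted string literals in the query and the connection character set has been set with `$conn->set_charset(...)`; an unquoted or numeric context stays injectable after escaping. I would suggest the write-up recommend a prepared statement instead, building the query with `?` placeholders via `$conn->prepare(...)` and passing the raw `$_POST` values through `$stmt->bind_param('ss', ...)`, so the fix does not rely on quoting discipline at every call site. Escaping `$_POST['password']` also changes the value that is compared whenever it contains a quote or backslash, which binding avoids. Minor: "auththentication" in the added description line should be "authentication".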
