Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

1.2 Escaping and Hashing The server uses the following PHP code, which escapes the username and applies the MD5 hash function to the password. if

  1. 1.2 Escaping and Hashing

    The server uses the following PHP code, which escapes the username and applies the MD5 hash function to the password.

    if (isset($_POST['username']) and isset($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5($_POST['password'], true); $sql_s = "SELECT * FROM users WHERE username='$username' and pw='$password'"; $rs = mysql_query($sql_s);

    if (mysql_num_rows($rs) > 0) { echo "Login successful!";

     } else { echo "Incorrect username or password"; 

    } }

    This is more difficult than the previous two defenses. You will need to write a program to produce a working exploit. You can use any language you like, but we recommend Python 3.

The target is a basic login page that uses the code above to check if login is successful

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Students also viewed these Databases questions

Question

=+associated with political parties and if so, which ones? Are

Answered: 1 week ago