Question
1.2 Escaping and Hashing
The server uses the following PHP code, which escapes the username and applies the MD5 hash function to the password.
if (isset($_POST['username']) and isset($_POST['password'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5($_POST['password'], true);
    $sql_s = "SELECT * FROM users WHERE username='$username' and pw='$password'";
    $rs = mysql_query($sql_s);
    if (mysql_num_rows($rs) > 0) {
        echo "Login successful!";
    } else {
        echo "Incorrect username or password";
    }
}
This is more difficult than the previous two defenses. You will need to write a program to produce a working exploit. You can use any language you like, but we recommend Python 3.
The target is a basic login page that uses the code above to check if login is successful.
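For comparison, a hardened version of the same login check, added here as an example and not part of the original exercise: the code above escapes only the username, while the raw 16-byte output of md5(..., true) is placed inside the quoted SQL string unescaped, and MD5 is a fast, unsalted hash. The sketch below binds the username as a query parameter and verifies the password in PHP against a salted hash. It assumes PDO with the SQLite driver so it runs offline; the table and column names follow the page, and the account, passwords and check_login() helper are constructed for illustration.

```php
<?php
// Added example (not the exercise's code): parameterized lookup plus
// password_hash()/password_verify() instead of escaping plus raw MD5.

// Hash verified for unknown users so both code paths do comparable work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// check_login() is a hypothetical helper name used only in this example.
function check_login(PDO $db, string $username, string $password): bool
{
    // The username is bound as a parameter, never interpolated into SQL.
    $stmt = $db->prepare('SELECT pw FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();   // false when no row matches

    if ($stored === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // The password never reaches the query; it is compared in PHP
    // against a salted, slow hash stored in the pw column.
    return password_verify($password, $stored);
}

// Constructed test data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, pw) VALUES (:u, :p)');
$ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed login attempts, including a username containing a quote
// to show that bound parameters are treated purely as data.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong password'],
    ["o'brien", 'anything'],
    ['nobody', 'x'],
];
foreach ($attempts as [$user, $pass]) {
    $result = check_login($db, $user, $pass) ? 'Login successful!' : 'Incorrect username or password';
    echo str_pad(var_export($user, true), 12), ' => ', $result, PHP_EOL;
}
```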