Is this login code vulnerable to SQLi?

08-15-2012, 07:16 PM
Hi all, I got this code through a source code disclosure bug. I tried to log in to MySQL after reading the config, but remote access is disabled. I want to know: is this login code vulnerable to SQLi?

<?php session_start();?>

if (isset($_POST['login'])){
if (!empty($_POST['usr'])){
if (!empty($_POST['pass'])){
if ( ($scode == $_SESSION["security_code"]) && (!empty($scode) && !empty($_SESSION["security_code"])) )

//echo "SELECT * FROM admins WHERE user='$un' AND pass='$pw'";
$rs=mysql_query("SELECT * FROM admins WHERE user='$un' AND pass='$pw'")or die("hahaha");
if( mysql_num_rows($rs) > 0 )
//echo"Welcome <b>".$row['name']."</b>";




Anant Shrivastava
08-16-2012, 12:19 AM
--- posted an answer but removing it coz this looks like a direct attempt to mount an attack.

08-16-2012, 09:27 PM
Direct attempt to mount an attack?
Are you kidding? There are 1000s of 0days being published monthly,
and you're worried about this little code? Well, I should say I already hacked the target in another way; I was just trying to learn something.
Anyway, thanks for the answer ;)

08-17-2012, 12:53 AM
@anant There wouldn't be much we [mods] would be able to do when he speaks up with so much confidence; he will eventually do what he wants :D.

@crimer What anant and [we all] wanted for the forum is to keep the offensive rate low, and we want to keep this place as professional as possible. So in future, whatever your motive for asking questions, please do not mention your intentions, or lie to us that you're doing it for something good #simple.

Anyway it's exploitable, now that you have found your way, it doesn't make sense.

08-17-2012, 12:21 PM
@fb1h2s Yeah, OK.
I should say my purpose in hacking is not bad in the first place:
Files from Crim3R ≈ Packet Storm (http://packetstormsecurity.org/files/author/9653/)
I've just started bug researching in the last few months and I got a few things in this little time.
About the target: I hacked it from the server, but I'm still curious about this code,
and I will be thankful if you tell me how to understand these things myself.

08-17-2012, 02:27 PM
I can explain that code, but would not help you anyway for future.

And here is everything you need to know on HOW TO.


08-17-2012, 05:33 PM
The answer is simple. And like the others, I too wrote it but did not post it. The code is simple to understand. If you were able to grab the code, then it will take very little effort to understand this code..."vinnu"

08-17-2012, 07:32 PM
@Crim3r: The best "to do" for you is to get RIPS and scan this code. It will give you a report on whether this is vulnerable or not to any vulnerability. And the best part is it gives potential exploit code as well.

Try it:
RIPS - free PHP security scanner using static code analysis (http://rips-scanner.sourceforge.net/)

AMol NAik
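
Added example, not part of the thread and not RIPS code: a much smaller version of the kind of check a static scanner makes, run over the query lines from the first post. It flags variables interpolated into a mysql_query() string and reports what the visible source says about their origin; the ESCAPERS list and the three status labels are assumptions made for this sketch.

```python
import re

# Lines copied from the snippet in the first post (the thread shows no more of the file).
SNIPPET = '''\
if (isset($_POST['login'])){
//echo "SELECT * FROM admins WHERE user='$un' AND pass='$pw'";
$rs=mysql_query("SELECT * FROM admins WHERE user='$un' AND pass='$pw'")or die("hahaha");
if( mysql_num_rows($rs) > 0 )
'''

# A double-quoted SQL string passed to mysql_query()/mysqli_query().
QUERY_CALL = re.compile(r'\bmysqli?_query\s*\(\s*(?:\$\w+\s*,\s*)?"((?:[^"\\]|\\.)*)"')
# PHP expands $name inside double quotes unless the dollar sign is escaped.
INTERPOLATED = re.compile(r'(?<!\\)\$(\w+)')
# Simple assignment "$name = expr;" ("==" comparisons are excluded).
ASSIGNMENT = re.compile(r'\$(\w+)\s*=(?!=)\s*(.+?);')
# Calls treated as neutralising a value for a quoted SQL context (assumed list).
ESCAPERS = ("mysql_real_escape_string(", "mysqli_real_escape_string(", "intval(")


def classify(var, assigned):
    """Say what the visible source tells us about a variable used in SQL."""
    rhs = assigned.get(var)
    if rhs is None:
        return "origin not shown"   # cannot decide from this excerpt alone
    if any(call in rhs for call in ESCAPERS):
        return "escaped"
    return "unescaped"


def scan(php_source):
    """Return (line_no, variable, status) for each variable built into a query."""
    lines = [l for l in enumerate(php_source.splitlines(), 1)
             if not l[1].lstrip().startswith("//")]   # ignore commented-out code
    assigned = {}
    for _, text in lines:
        for name, rhs in ASSIGNMENT.findall(text):
            assigned[name] = rhs
    findings = []
    for no, text in lines:
        for call in QUERY_CALL.finditer(text):
            for var in INTERPOLATED.findall(call.group(1)):
                findings.append((no, var, classify(var, assigned)))
    return findings


if __name__ == "__main__":
    for no, var, status in scan(SNIPPET):
        print(f"line {no}: ${var} interpolated into SQL ({status})")
```

On the posted excerpt both $un and $pw come back as "origin not shown": the lines that assign them are missing, so a reviewer has to trace those assignments before drawing a conclusion, and the durable fix is a prepared statement with bound parameters rather than a string-built query.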

08-18-2012, 05:55 PM
Crim3r, you can try my tool, PHP Source Code Testing Tool:

http://www.sandeepkamble.com/skl337/2011/08/09/psa-php-source-code-testing-tool/ all the best ..