Question: 1.2 Escaping and Hashing The server uses the following PHP code, which escapes the username and applies the MD5 hash function to the password. if

  1. 1.2 Escaping and Hashing

    The server uses the following PHP code, which escapes the username and applies the MD5 hash function to the password.

    if (isset($_POST['username']) and isset($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5($_POST['password'], true); $sql_s = "SELECT * FROM users WHERE username='$username' and pw='$password'"; $rs = mysql_query($sql_s);

    if (mysql_num_rows($rs) > 0) { echo "Login successful!";

     } else { echo "Incorrect username or password";

    } }

    This is more difficult than the previous two defenses. You will need to write a program to produce a working exploit. You can use any language you like, but we recommend Python 3.

The target is a basic login page that uses the code above to check if login is successful

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Explain what the term HACCP refers to. Develop your own HACCP plan-from the time you purchase a pound of ground beef until it shows up as a hamburger on your plate.

Q:

The server uses the following Python code, which escapes the username and applies the MD 5 hash function to the password. Warning: This target is significantly more difficult than the previous two...

Q:

This policy will be reviewed no later than 5 years of its authorisation date. At this point it will need to be re-authorised by the relevant authority at Xxz Financial Services Version Published...

Q:

Your tasks is to create a guest book that contains three small php-scripts as follows: connect.php , which will set up a connection to the database. guestbook.php , which will show all the guestbook...

Q:

(e) Assume you have an HTML Form which contains three text-fields elements (username, password and threshold respectively). The form is submitted to your PHP program using POST method. Write a...

Q:

Question 1 (4 Sections) 100 points 95 mins This question concerns placing key values into hash tables using different probing/hashing techniques. First, run the following code cell to define the...

Q:

CSc 115 A01 Fall 2012 Pagef9 5. [12 Marks Total Hashing Sta 7 a) [6 marks] An integer data value, , is to be hashed using the expression (21+3) modulo 7 and stored in an array of length 7. Hash the...

Q:

Consider inserting data with integer keys 22, 14, 12, 48, 36, 32 in that order into a hash table of size 12 where the hashing function is h(key) % 12. b) Show an open addressing with linear proving...

Q:

HashTable: Consider inserting data with integer keys 22, 14, 12, 48, 36, 32 in that order into a hash table of size 12 where the hashing function is h(key) % 12. a) Show a chaining hash table after...

Q:

Draw the contents of the hast table in the boxes below given the following : a . The size of hash table is 1 2 b . Double hashing is used to resolve collisions c . Second hash function is H 2 ( k ) =...

Q:

A ) ( 1 5 points ) Draw tho binory min heap that resules from lnsertinis 1 1 , 9 , 1 2 , 1 4 , 3 , 1 5 , 7 , 8 , 1 in that order into an initlally empty binary heap. You do not need to show the arrav...

Q:

Consult Paragraph 10 of PCAOB Auditing Standard No. 15. As an auditor, what type of evidence would allow you to detect whether your client was engaging in behaviors that are designed to mask...

Q:

A coil has an inductance of 3.0 mH, and the current in it changes from 0.20 A to 1.5 A in 0.20 s. Find the magnitude of the average induced emf in the coil during this period.

Q:

The idea that the forward rate differs from the expected short rate because of supply and demand issues, with the forward rate usually higher, is termed

Q:

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Q:

=+associated with political parties and if so, which ones? Are

Q:

=+How are unions organized (by firm, region, industry, national , craft)?

Q:

=+ Are there multiple unions within firms, so that the MNE must negotiate with multiple, often competing unions, within the same subsidiary or organization? Scope of unions