I have to inject a login form for exercise about a computer security course .... I have passed the first level using the simple
' like 1=1--
in the password field, but now in the second level i have to inject again the same login form with the same source code except for the fact that user and pwd are being controlled by a function called lvl2_filter() which i think is part of filters.php and do not accept "=" and "OR"
How can i do it ???
both username and password field cannot be empty
include_once 'filters.php';
include_once 'config.php';
?>
<?php
$user = lvl2_filter($_REQUEST['user']);
$pwd = lvl2_filter($_REQUEST['pwd']);
$token = $_COOKIE["token_sqli2"];
if (empty($token) || !check_token($token)){
echo "<h1>You need to be logged in!</h1><br>";
}
if (!empty($user) && !empty($pwd)) {
$query = "SELECT user_id FROM users WHERE username='$user' and password='$pwd'";
$result = mysqli_query($db,$query);
if ($result && mysqli_num_rows($result)>0) {
echo "Hi $user, you are logged in.";
verify_user($token, $user);
}
else echo "sorry, invalid username or password";
}
else { ?>