Menu
2 days ago, a hacker got into a Admin Account. He told us that login.php is vulnerable.
But I can't find out how as I escaped the inputs:
$salt = '78sdjs86d2h';
$username = mysqli_real_escape_string($DB_H, addslashes($_POST['username']));
$password = mysqli_real_escape_string($DB_H, addslashes($_POST['password']));
$hash1 = hash('sha256', $password . $salt);
$hash = strtoupper($hash1);
$check = mysqli_query($DB_H, "SELECT * FROM players WHERE Name='$username' && Password = '$hash'");
if(mysqli_num_rows($check) != 0)
352
asked Jan 22 '26 16:01
Unless you are using some peculiar encoding, the code you posted, although it makes very little sense, is invulnerable to SQL injection. It will rather don't let a honest user to login, but there is no way to hack it through SQL injection.
The vulnerability were of the other kind, XSS for example.
105
Its better to use prepare statements to avoid sql injection. For example
$check = mysqli_query($DB_H, "SELECT * FROM players WHERE Name='$username' && Password = '$hash'")
use it like this
$check = $DB_H->prepare("SELECT * FROM players WHERE Name=? && Password = ?")
$check->bind_param('ss',$username,$hash);
$check->execute();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
