Preparing access
Checking your lab membership...
Auth Service (PHP) - SQL Injection & Weak Hash
php A PHP auth endpoint concatenates user input into SQL and uses md5 for passwords.
mediumphp
Overview
The Auth service verifies credentials against a users table.
It has been reported that attackers can log in without valid credentials.
Inspect the login logic and identify the vulnerable line(s).
Content locked
Join this lab to access the content.
public/index.phpphp