Preparing access
Checking your lab membership…
Auth Service (PHP) - SQL Injection & Weak Hash
php A PHP auth endpoint concatenates user input into SQL and uses md5 for passwords.
medium220 ptsfreephp
Overview
The Auth service verifies credentials against a users table.
It has been reported that attackers can log in without valid credentials.
Inspect the login logic and identify the vulnerable line(s).
public/index.phpphp14px