Username: 
Password: 
Restrict session to IP 
Questions  |  score: 3  |  Solved By 710 People  |  66040 views  |  since May 30, 2009 - 04:33:53

PHP 0815 (Exploit, PHP)

PHP 0815 Challenge
I have this script and its prone to sql injection.
Your mission is to provide me with a fix.
The solution is the fix with the least effort (The shortest way to fix at some logic position), and guarantee the script does still work.
if you think "urldecode()" will fix the script you simply enter it as solution.
The solution has to contain all chars that you need to type.
Feel Free to discuss it in the forums, its kinda training challenge :)
GeSHi`ed PHP code
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
20
<?
# Only allow these ID's
$whitelist = array(1, 2, 3);
 
# if show is not set die with error.if (false === ($show = isset($_GET['show']) ? $_GET['show'] : false)) {
        die('MISSING PARAMETER; USE foo.bar?show=[1-3]');
}
# check if get var is sane (is it in whitelist ?)
elseif (in_array($show, $whitelist)){
        $query = "SELECT 1 FROM `table` WHERE `id`=$show";
        echo 'Query: '.htmlspecialchars($query, ENT_QUOTES).'<br/>';
        die('SHOWING NUMBER '.htmlspecialchars($show, ENT_QUOTES));
}else # Not in whitelist !
{
        die('HACKER NONONO');
}
?>
© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 and 2017 by Gizmore