Buuctf reinforcement question ezsql

The title reappears

• I did this problem three months ago , But I didn't get flag, After other big guys make it , Hurry to learn to record a wave .

1. The requirements of the title are clearly written ：web There are loopholes in the service , Need reinforcement , If the reinforcement is successful, you can visit an address to get flag
2. First visit web Service address , Discovery is a login page , Try immediately SQL Inject , Universal password successfully logged in , There are obvious injection vulnerabilities .

3. Next SSH Connect to the target machine address , View directory , Find the login page code for code audit , Find the user login authentication code and SQL sentence , If it is found that the user name and password entered are not filtered, it is directly put into SQL Query statement . Obvious loopholes , The next step is to add a filter function , Complete the reinforcement .

4. Find the filter function , After trying one by one , In the use of addslashes( ) Function successfully reinforced .

                    addslashes()  function 

 In every double quote （"） Add backslash before ： <?php $str = addslashes('Shanghai is the "biggest" city in China.'); echo($str); ?> addslashes()  Function returns a string with a backslash before a predefined character .  The predefined characters are ：  Single quotation marks （'）  Double quotes （"）
     The backslash （\）
    NULL

5. stay xshell Modify the code in , as follows ：
6. I couldn't do it before , Maybe it's because I put addslashes( ) Function is added to the assignment function formula , Lead to the failure of reinforcement .

$username = $_GET['username'];
$password = $_GET['password'];
// Become the following 
$username = addslashes($_GET['username']);
$password = addslashes($_GET['password']);

7. After reinforcement, log in again with the master key , Show login failure , Reinforcement successful .

8. visit Check Service access address , obtain flag.