09-14-2022, 09:56 PM
When a raw md5 is used, the pass will be queried as a simple string, not a hexstring.
"SELECT * FROM admin WHERE pass = '".md5($password,true)."'"
This allows an attacker to craft a string with a true statement such as ' or 'SOMETHING
md5("ffifdyop", true) = 'or'6�]��!r,��b�
sha1("3fDf ", true) = Q�u'='�@�[�t�- o��_-!
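An added example, not part of the original post: a Python sketch that inspects the raw digest of the post's own "ffifdyop" input and contrasts the concatenated query with a bound-parameter lookup on the hex digest. `hashlib.md5(...).digest()` stands in for PHP's `md5($password, true)`; the function names, the in-memory SQLite table and the stored password are constructed for illustration.

```python
import hashlib
import sqlite3
import string

# MD5 is kept only to match the post's scheme; the point here is the
# raw-versus-hex handling, not the choice of hash.

def digests(password: str):
    """Return (raw 16-byte digest, 32-char hex digest); raw mirrors md5($p, true)."""
    h = hashlib.md5(password.encode())
    return h.digest(), h.hexdigest()

def concatenated_query(password: str) -> bytes:
    """The post's query built by concatenation, kept as bytes for inspection only."""
    raw, _ = digests(password)
    return b"SELECT * FROM admin WHERE pass = '" + raw + b"'"

def literal_is_broken(query: bytes) -> bool:
    """True when the digest added quote bytes beyond the template's own two."""
    return query.count(b"'") > 2

def make_db(stored_password: str) -> sqlite3.Connection:
    """In-memory table holding the hex digest of a constructed password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (pass TEXT)")
    conn.execute("INSERT INTO admin VALUES (?)", (digests(stored_password)[1],))
    return conn

def login(conn: sqlite3.Connection, password: str) -> bool:
    """Hardened form: the hex digest is a bound parameter, never spliced into SQL."""
    _, hexd = digests(password)
    row = conn.execute("SELECT 1 FROM admin WHERE pass = ?", (hexd,)).fetchone()
    return row is not None

if __name__ == "__main__":
    conn = make_db("constructed-admin-password")
    raw, hexd = digests("ffifdyop")
    # Raw digest begins with quote bytes, so the string literal is closed early.
    print(raw[:5], literal_is_broken(concatenated_query("ffifdyop")))
    # Hex digest can only contain 0-9a-f, so it cannot carry a quote.
    print(set(hexd) <= set(string.hexdigits))
    # With a bound parameter the crafted input is just a wrong password.
    print(login(conn, "ffifdyop"), login(conn, "constructed-admin-password"))
```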