Auth Service (PHP) - SQL Injection & Weak Hash

Preparing access

Checking your lab membership...

Created 30 Aug 2025Updated 30 Aug 2025

A PHP auth endpoint concatenates user input into SQL and uses md5 for passwords.

php220 pts30 min

Overview

The Auth service verifies credentials against a users table.

It has been reported that attackers can log in without valid credentials.

Inspect the login logic and identify the vulnerable line(s).

Recently created

Jump to the latest lab.

Files

auth-sql-php

Wrap

Content locked

Join this lab to access the content.

public/index.phpphp