  • I get the error Call to undefined function sanitizeString(). What function are you using for sanitation? Also, you are missing some brackets in the code after if ($user == "" || $pass == "") Commented Jan 31, 2015 at 4:22
  • @TimWilliams I don't know what function it is, and I don't know where those custom functions could be, maybe in the www dir or somewhere else. However, I just managed to authenticate with the help of an SQL injection dictionary. Now the question is: what is that custom function, and where would one normally place them? Commented Jan 31, 2015 at 4:39
  • @Gazel That is a good question. Usually people would include this code at the top of the PHP file: include sanitize.php; however, I can't see this in your code. If you are running Linux you could run a command like this in your terminal: grep -rnw '/var/www' -e "sanitizeString". This will search for and display all files that contain the text "sanitizeString". Commented Jan 31, 2015 at 8:27
  • I tried looking through DVWA; however, I was unable to find any file containing "sanitizeString". Commented Jan 31, 2015 at 11:12
  • 1
    @TimWilliams My guess is that it's not exactly DVWA; probably our course leader customized the vulnerable site to make it different from the default one. Also, I found all the sanitize functions in a separate PHP file. I will post a new question regarding overcoming those SQL injection sanitization functions. Commented Jan 31, 2015 at 11:25