9) Consider the following (amateur) PHP script for a login page: $username = $_GET[user]; $password = $_GET[pwd]; $= "SELECT FROM usertable WHERE username = '$username' AND password = '$password" "; $result = $db-query($sql); if ($result->num rows > 0) { /* Success */ } slas / Failure */ } a. Give a value that an attacker can enter in the field called user that will result in a successful login. Assume the attacker does not know any usernames or passwords for the site.

Transcribed Image Text:

9) Consider the following (amateur) PHP script for a login page: $username = $_GET[user] ; $password = $_GET[pwd]; $sql = "SELECT * FROM usertable WHERE username = '$username' AND password = $result = $db-query($sql); if ($result->num rows > 0) { /* Success */ } else { /* Failure } www '$password' a. Give a value that an attacker can enter in the field called user that will result in a successful login. Assume the attacker does not know any usernames or passwords for the site. | 10) Suppose a website a.com hosts the following PHP script called go.php: <HTML> <TITLE> Go forth </TITLE> <BODY> php echo $_GET[p] ?> : </BODY> </HTML> Suppose an attacker wishes to send an email with a link that will reflect the recipient's cookie from a.com back to the attacker. Write a URL that the attacker could include, specifying, which website, if any, the attacker should control. Note: do not worry about getting the URL encoding right - use a human-readable representation.