-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathinjection.phps
57 lines (50 loc) · 1.36 KB
/
injection.phps
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Injection</title>
</head>
<body>
<form action="/sites/injection/index.php" method="post">
<h1>Login to Access User Message</h1>
<table>
<tr>
<td>Username</td>
<td>
<input type="text" name="username" autocomplete="off" autofocus>
</td>
</tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="password" autocomplete="off">
</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
<div id="result">
<?php
error_reporting(0);
if (isset($_POST['submit']) && isset($_POST['username']) && isset($_POST['password']) && $_POST['submit'] == "Login") {
echo "<table border='1'><tr><th>username</th><th>message</th></tr>";
$username = $_POST['username'];
$password = $_POST['password'];
mysql_connect("xxxxxxxxx", "xxxxxxxxx", "xxxxxxxxx");
@mysql_select_db("xxxxxxxxx") or die("can't select database");
$query = "SELECT * FROM `xxxxxxxxx` WHERE username='$username' AND password='$password'";
$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
echo "<tr><td>".$row['username']."</td><td>".$row['message']."</td></tr>";
}
echo "</table>";
}
?>
</div>
</body>
</html>