scimad · January 31, 2021 16:48
diff --git a/index.php b/index.php
 <?php
 ?>
 <h3>Sample login system</h3>
 Input <b>admin' OR 1#</b> to in the username field to perform sql injection 
 <form method = "POST" action = "landing.php">
  <label for="username">Username:</label><br>
  <input type="text" id="username" name="username"><br>
  <label for="password">Password:</label><br>
  <input type="password" id="password" name="password">
  <input type="submit">
 </form>
 <?php
diff --git a/landing.php b/landing.php
 <?php
 $servername = "localhost";
 $username = "sql_user_eg_root";
 $password = "password_for_sql_user";
 $dbname = "sqlinject";

 // Create connection
 $conn = new mysqli($servername, $username, $password, $dbname);
 // Check connection
 if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
 }


 // $user = 'admin';
 // $sql = "SELECT username FROM users";

 $user = $_POST["username"];
 $sql = "SELECT * FROM users WHERE `username` = '$user'";

 // echo $sql."<br>";

 $result = $conn->query($sql);

 if ($result->num_rows > 0) {
  // output data of each row
  echo "<H2>Username found in database</H2>";
  while($row = $result->fetch_assoc()) {
    echo "Username: <b>" . $row["username"]. "</b> lives in <b>".$row["hometown"]."</b> and your password is <b>".$row["password"]."</b><br>";
  }
 } else {
  echo "User Not Authorized";
 }
 $conn->close();
 ?>
	<?php
	?>
	<h3>Sample login system</h3>
	Input <b>admin' OR 1#</b> to in the username field to perform sql injection
	<form method = "POST" action = "landing.php">
	<label for="username">Username:</label><br>
	<input type="text" id="username" name="username"><br>
	<label for="password">Password:</label><br>
	<input type="password" id="password" name="password">
	<input type="submit">
	</form>
	<?php
	<?php
	$servername = "localhost";
	$username = "sql_user_eg_root";
	$password = "password_for_sql_user";
	$dbname = "sqlinject";

	// Create connection
	$conn = new mysqli($servername, $username, $password, $dbname);
	// Check connection
	if ($conn->connect_error) {
	die("Connection failed: " . $conn->connect_error);
	}


	// $user = 'admin';
	// $sql = "SELECT username FROM users";

	$user = $_POST["username"];
	$sql = "SELECT * FROM users WHERE `username` = '$user'";

	// echo $sql."<br>";

	$result = $conn->query($sql);

	if ($result->num_rows > 0) {
	// output data of each row
	echo "<H2>Username found in database</H2>";
	while($row = $result->fetch_assoc()) {
	echo "Username: <b>" . $row["username"]. "</b> lives in <b>".$row["hometown"]."</b> and your password is <b>".$row["password"]."</b><br>";
	}
	} else {
	echo "User Not Authorized";
	}
	$conn->close();
	?>