SHARE
TWEET

Untitled

a guest Jun 30th, 2018 208 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. include("/../../connection.php");
  3.  
  4. if(isset($_POST["button_one"])){
  5.     $username = $_POST['username'];
  6.     $password = $_POST['password'];
  7.  
  8.     if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // IF THE USER HAS A VALID USERNAME OR PASSWORD,
  9.     {
  10.         do {
  11.             if ($result = $conn->store_result()) {
  12.                 while ($row = $result->fetch_row()) { // THEN ENABLE BUTTON TWO, WHICH HAS TO BE CLICKED TO DROP THE DATABASE
  13.                     echo "
  14.                     <script type="text/javascript">
  15.                         document.getElementById('button_two').disabled=false;
  16.                     </script>
  17.                     ";
  18.                 }
  19.                 $result->free();
  20.             }
  21.         } while ($conn->next_result());
  22.     }
  23. }
  24.  
  25. if(isset($_POST["button_two"])){
  26.     $username = $_POST['username']; // SQL INJECTION TO DROP THE DB HAPPENS HERE
  27.     $password = $_POST['password'];
  28.  
  29.     if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // SQL INJECTION SUCCEEDED
  30.     {
  31.         do {
  32.             if ($result = $conn->store_result()) {
  33.                 while ($row = $result->fetch_row()) {
  34.                     if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) { // NO MORE DATABASE LIKE THAT, IT HAS BEEN DROPPED DUE TO THE INJECTION
  35.                         if($result->num_rows == 0) {
  36.                             include("another.php"); // THE PROBLEM IS HERE. EVEN THOUGH THE DB IS DROPPED, THIS PAGE IS NOT RENDERING
  37.                         }
  38.                     }
  39.                 }
  40.                 $result->free();
  41.             }
  42.         } while ($conn->next_result());
  43.     }
  44. }
  45. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top