  1. <?php
  2. include("/../../connection.php");
  3.  
  4. if(isset($_POST["button_one"])){
  5. $username = $_POST['username'];
  6. $password = $_POST['password'];
  7.  
  8. if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // IF THE USER HAS A VALID USERNAME OR PASSWORD,
  9. {
  10. do {
  11. if ($result = $conn->store_result()) {
  12. while ($row = $result->fetch_row()) { // THEN ENABLE BUTTON TWO, WHICH HAS TO BE CLICKED TO DROP THE DATABASE
  13. echo "
  14. <script type="text/javascript">
  15. document.getElementById('button_two').disabled=false;
  16. </script>
  17. ";
  18. }
  19. $result->free();
  20. }
  21. } while ($conn->next_result());
  22. }
  23. }
  24.  
  25. if(isset($_POST["button_two"])){
  26. $username = $_POST['username']; // SQL INJECTION TO DROP THE DB HAPPENS HERE
  27. $password = $_POST['password'];
  28.  
  29. if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // SQL INJECTION SUCCEEDED
  30. {
  31. do {
  32. if ($result = $conn->store_result()) {
  33. while ($row = $result->fetch_row()) {
  34. if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) { // NO MORE DATABASE LIKE THAT, IT HAS BEEN DROPPED DUE TO THE INJECTION
  35. if($result->num_rows == 0) {
  36. include("another.php"); // THE PROBLEM IS HERE. EVEN THOUGH THE DB IS DROPPED, THIS PAGE IS NOT RENDERING
  37. }
  38. }
  39. }
  40. $result->free();
  41. }
  42. } while ($conn->next_result());
  43. }
  44. }
  45. ?>