Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include("/../../connection.php");
- if(isset($_POST["button_one"])){
- $username = $_POST['username'];
- $password = $_POST['password'];
- if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // IF THE USER HAS A VALID USERNAME OR PASSWORD,
- {
- do {
- if ($result = $conn->store_result()) {
- while ($row = $result->fetch_row()) { // THEN ENABLE BUTTON TWO, WHICH HAS TO BE CLICKED TO DROP THE DATABASE
- echo "
- <script type="text/javascript">
- document.getElementById('button_two').disabled=false;
- </script>
- ";
- }
- $result->free();
- }
- } while ($conn->next_result());
- }
- }
- if(isset($_POST["button_two"])){
- $username = $_POST['username']; // SQL INJECTION TO DROP THE DB HAPPENS HERE
- $password = $_POST['password'];
- if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // SQL INJECTION SUCCEEDED
- {
- do {
- if ($result = $conn->store_result()) {
- while ($row = $result->fetch_row()) {
- if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) { // NO MORE DATABASE LIKE THAT, IT HAS BEEN DROPPED DUE TO THE INJECTION
- if($result->num_rows == 0) {
- include("another.php"); // THE PROBLEM IS HERE. EVEN THOUGH THE DB IS DROPPED, THIS PAGE IS NOT RENDERING
- }
- }
- }
- $result->free();
- }
- } while ($conn->next_result());
- }
- }
- ?>
Add Comment
Please, Sign In to add comment