Credit Card Challenge Pwned! (MySQL, Exploit)
GeSHi`ed php code for query.include
1 2 3 4 56 7 8 9 1011 12 13 14 1516 17 18 19 2021 22 23 24 2526 | <html> <body> <form action="query.php" method="get"> Please enter the ID here: <INPUT TYPE="text" size=200 NAME="id"><INPUT TYPE="submit" VALUE="submit" name="submit"> </form> <?php if (isset($_GET['id'])){ mysql_connect("localhost", "www-user2", "secure_password12") or die(mysql_error()); mysql_select_db("test") or die(mysql_error()); $id = $_GET['id']; $query= "SELECT name FROM not_important_table WHERE id=".$id.""; $result = mysql_query($query) or die(mysql_error()); while($row=mysql_fetch_array($result)) { echo $row['name'].'<br/>'; } } ?> </body></html> |
© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by Z