docker-vulnerable-dvwa/dvwa/vulnerabilities/brute/source/low.php

33 lines
1.0 KiB
PHP
Raw Normal View History

2016-12-02 19:19:11 +00:00
<?php
if( isset( $_GET[ 'Login' ] ) ) {
// Get username
$user = $_GET[ 'username' ];
// Get password
$pass = $_GET[ 'password' ];
$pass = md5( $pass );
// Check the database
$query = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
2018-10-12 15:49:58 +00:00
$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' );
2016-12-02 19:19:11 +00:00
2018-10-12 15:49:58 +00:00
if( $result && mysqli_num_rows( $result ) == 1 ) {
2016-12-02 19:19:11 +00:00
// Get users details
2018-10-12 15:49:58 +00:00
$row = mysqli_fetch_assoc( $result );
$avatar = $row["avatar"];
2016-12-02 19:19:11 +00:00
// Login successful
$html .= "<p>Welcome to the password protected area {$user}</p>";
$html .= "<img src=\"{$avatar}\" />";
}
else {
// Login failed
$html .= "<pre><br />Username and/or password incorrect.</pre>";
}
2018-10-12 15:49:58 +00:00
((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
2016-12-02 19:19:11 +00:00
}
?>