docker-vulnerable-dvwa/dvwa/vulnerabilities/sqli_blind/source/high.php

<?php

if( isset( $_COOKIE[ 'id' ] ) ) {
	// Get input
	$id = $_COOKIE[ 'id' ];

	// Check database
	$getid  = "SELECT first_name, last_name FROM users WHERE user_id = '$id' LIMIT 1;";
	$result = mysql_query( $getid ); // Removed 'or die' to suppress mysql errors

	// Get results
	$num = @mysql_numrows( $result ); // The '@' character suppresses errors
	if( $num > 0 ) {
		// Feedback for end user
		$html .= '<pre>User ID exists in the database.</pre>';
	}
	else {
		// Might sleep a random amount
		if( rand( 0, 5 ) == 3 ) {
			sleep( rand( 2, 4 ) );
		}

		// User wasn't found, so the page wasn't!
		header( $_SERVER[ 'SERVER_PROTOCOL' ] . ' 404 Not Found' );

		// Feedback for end user
		$html .= '<pre>User ID is MISSING from the database.</pre>';
	}

	mysql_close();
}

?>
first commit 2016-12-02 19:19:11 +00:00			`<?php`

			`if( isset( $_COOKIE[ 'id' ] ) ) {`
			`// Get input`
			`$id = $_COOKIE[ 'id' ];`

			`// Check database`
			`$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id' LIMIT 1;";`
			`$result = mysql_query( $getid ); // Removed 'or die' to suppress mysql errors`

			`// Get results`
			`$num = @mysql_numrows( $result ); // The '@' character suppresses errors`
			`if( $num > 0 ) {`
			`// Feedback for end user`
			`$html .= '<pre>User ID exists in the database.</pre>';`
			`}`
			`else {`
			`// Might sleep a random amount`
			`if( rand( 0, 5 ) == 3 ) {`
			`sleep( rand( 2, 4 ) );`
			`}`

			`// User wasn't found, so the page wasn't!`
			`header( $_SERVER[ 'SERVER_PROTOCOL' ] . ' 404 Not Found' );`

			`// Feedback for end user`
			`$html .= '<pre>User ID is MISSING from the database.</pre>';`
			`}`

			`mysql_close();`
			`}`

			`?>`