first commit

dvwa/vulnerabilities/brute/source/medium.php

@@ -0,0 +1,34 @@
+<?php
+
+if( isset( $_GET[ 'Login' ] ) ) {
+	// Sanitise username input
+	$user = $_GET[ 'username' ];
+	$user = mysql_real_escape_string( $user );
+
+	// Sanitise password input
+	$pass = $_GET[ 'password' ];
+	$pass = mysql_real_escape_string( $pass );
+	$pass = md5( $pass );
+
+	// Check the database
+	$query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
+	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );
+
+	if( $result && mysql_num_rows( $result ) == 1 ) {
+		// Get users details
+		$avatar = mysql_result( $result, 0, "avatar" );
+
+		// Login successful
+		$html .= "<p>Welcome to the password protected area {$user}</p>";
+		$html .= "<img src=\"{$avatar}\" />";
+	}
+	else {
+		// Login failed
+		sleep( 2 );
+		$html .= "<pre><br />Username and/or password incorrect.</pre>";
+	}
+
+	mysql_close();
+}
+
+?>