Created
December 11, 2019 23:16
-
-
Save aeharvlee/a19b938192632c4cfa9ea48462a0d8db to your computer and use it in GitHub Desktop.
Low Brute Force Source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if( isset( $_GET[ 'Login' ] ) ) { | |
// Get username | |
$user = $_GET[ 'username' ]; | |
// Get password | |
$pass = $_GET[ 'password' ]; | |
$pass = md5( $pass ); | |
// Check the database | |
$query = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';"; | |
$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' ); | |
if( $result && mysqli_num_rows( $result ) == 1 ) { | |
// Get users details | |
$row = mysqli_fetch_assoc( $result ); | |
$avatar = $row["avatar"]; | |
// Login successful | |
echo "<p>Welcome to the password protected area {$user}</p>"; | |
echo "<img src=\"{$avatar}\" />"; | |
} | |
else { | |
// Login failed | |
echo "<pre><br />Username and/or password incorrect.</pre>"; | |
} | |
((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res); | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment