Created
December 11, 2019 23:17
-
-
Save aeharvlee/c624dfd4902469412a21583747db459c to your computer and use it in GitHub Desktop.
Medium Brute Force Source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
if( isset( $_GET[ 'Login' ] ) ) { | |
// Sanitise username input | |
$user = $_GET[ 'username' ]; | |
$user = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $user ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : "")); | |
// Sanitise password input | |
$pass = $_GET[ 'password' ]; | |
$pass = ((isset($GLOBALS["___mysqli_ston"]) && is_object($GLOBALS["___mysqli_ston"])) ? mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $pass ) : ((trigger_error("[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR)) ? "" : "")); | |
$pass = md5( $pass ); | |
// Check the database | |
$query = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';"; | |
$result = mysqli_query($GLOBALS["___mysqli_ston"], $query ) or die( '<pre>' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)) . '</pre>' ); | |
if( $result && mysqli_num_rows( $result ) == 1 ) { | |
// Get users details | |
$row = mysqli_fetch_assoc( $result ); | |
$avatar = $row["avatar"]; | |
// Login successful | |
echo "<p>Welcome to the password protected area {$user}</p>"; | |
echo "<img src=\"{$avatar}\" />"; | |
} | |
else { | |
// Login failed | |
sleep( 2 ); | |
echo "<pre><br />Username and/or password incorrect.</pre>"; | |
} | |
((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res); | |
} | |
?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment