High Brute Force Source
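<?php
// DVWA "Brute Force" login handler, high security level.
// Reads the credentials from the query string, validates the anti-CSRF token,
// looks the user up and either greets them (with their avatar) or reports a
// failure after a short random delay.
//
// NOTE(review): the login form submits via GET, so the password travels in the
// URL (web-server logs, browser history, Referer headers). Moving the form to
// POST is a change to the page template, outside this file.
if( isset( $_GET[ 'Login' ] ) ) {
    // Check Anti-CSRF token. `??` avoids an "undefined index" notice when the
    // token parameter is absent; checkToken() is expected to abort/redirect on
    // a mismatch (its implementation lives outside this file).
    checkToken( $_REQUEST[ 'user_token' ] ?? '', $_SESSION[ 'session_token' ] ?? '', 'index.php' );

    // The database handle is provided by the surrounding DVWA bootstrap.
    $db = $GLOBALS[ "___mysqli_ston" ] ?? null;
    if( !is_object( $db ) ) {
        trigger_error( "[MySQLConverterToo] Fix the mysql_escape_string() call! This code does not work.", E_USER_ERROR );
    }

    // Username / password. stripslashes() is kept only for parity with the
    // original behaviour (a magic_quotes-era leftover); no SQL escaping is
    // needed because both values reach the database as bound parameters.
    $user = stripslashes( (string) ( $_GET[ 'username' ] ?? '' ) );
    $pass = stripslashes( (string) ( $_GET[ 'password' ] ?? '' ) );
    // The users table stores unsalted MD5, so the lookup has to hash the same
    // way to match existing rows. A real application would store
    // password_hash() output and compare with password_verify().
    $pass = md5( $pass );

    // Check database with a prepared statement: user input never becomes
    // part of the SQL text. Only `avatar` is read from the row, so select
    // just that column and bind it directly (no mysqlnd dependency).
    $stmt = mysqli_prepare( $db, "SELECT `avatar` FROM `users` WHERE user = ? AND password = ?;" );
    if( $stmt === false
        || !mysqli_stmt_bind_param( $stmt, 'ss', $user, $pass )
        || !mysqli_stmt_execute( $stmt )
        || !mysqli_stmt_store_result( $stmt ) ) {
        // Log the driver error server-side; do not echo it to the client
        // (schema/driver details are useful to an attacker).
        error_log( 'brute/high.php: database error: ' . mysqli_error( $db ) );
        die( '<pre>Database error.</pre>' );
    }

    if( mysqli_stmt_num_rows( $stmt ) === 1 ) {
        // Get users details
        $avatar = null;
        mysqli_stmt_bind_result( $stmt, $avatar );
        mysqli_stmt_fetch( $stmt );

        // Login successful. Both values are escaped for the HTML context:
        // $user is attacker-controlled and $avatar comes from the database,
        // so echoing either raw is a reflected/stored XSS.
        $safeUser   = htmlspecialchars( $user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
        $safeAvatar = htmlspecialchars( (string) $avatar, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
        echo "<p>Welcome to the password protected area {$safeUser}</p>";
        echo "<img src=\"{$safeAvatar}\" />";
    }
    else {
        // Login failed. The random 0-3 s delay slows down brute forcing; it is
        // applied only on failure, so response time still distinguishes
        // success from failure (throttling, not a timing defence).
        sleep( random_int( 0, 3 ) );
        echo "<pre><br />Username and/or password incorrect.</pre>";
    }

    mysqli_stmt_close( $stmt );
    mysqli_close( $db );
}

// Generate Anti-CSRF token
generateSessionToken();
?>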