mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-07-15 00:01:26 +02:00
51 lines
1.4 KiB
PHP
51 lines
1.4 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
$conn = new mysqli('127.0.0.1', 'root', 'sploitme', 'payroll');
|
||
|
|
if ($conn->connect_error) {
|
||
|
|
die("Connection failed: " . $conn->connect_error);
|
||
|
|
}
|
||
|
|
?>
|
||
|
|
|
||
|
|
<form action="" method="post">
|
||
|
|
<table width="50%">
|
||
|
|
<tr>
|
||
|
|
<td>User</td>
|
||
|
|
<td><input type="text" name="user"></td>
|
||
|
|
</tr>
|
||
|
|
<tr>
|
||
|
|
<td></td>
|
||
|
|
<td><input type="text" name="password"></td>
|
||
|
|
</tr>
|
||
|
|
</table>
|
||
|
|
<input type="submit" value="OK" name="s">
|
||
|
|
</form>
|
||
|
|
|
||
|
|
<?php
|
||
|
|
if($_POST['s']){
|
||
|
|
$user = $_POST['user'];
|
||
|
|
$pass = $_POST['password'];
|
||
|
|
$sql = "select username, first_name, last_name, salary from users where username = '$user' and password = '$pass'";
|
||
|
|
|
||
|
|
if ($conn->multi_query($sql)) {
|
||
|
|
do {
|
||
|
|
/* store first result set */
|
||
|
|
echo "<table border=1>";
|
||
|
|
echo "<tr><th>Username</th><th>First Name</th><th>Last Name</th><th>Salary</th></tr>";
|
||
|
|
if ($result = $conn->store_result()) {
|
||
|
|
while ($row = $result->fetch_assoc()) {
|
||
|
|
$keys = array_keys($row);
|
||
|
|
echo "<tr>";
|
||
|
|
foreach ($keys as $key) {
|
||
|
|
echo "<td>" . $row[$key] . "</td>";
|
||
|
|
}
|
||
|
|
}
|
||
|
|
$result->free();
|
||
|
|
}
|
||
|
|
if (!$conn->more_results()) {
|
||
|
|
echo "</table>";
|
||
|
|
}
|
||
|
|
} while ($conn->next_result());
|
||
|
|
}
|
||
|
|
}
|
||
|
|
?>
|