mirror of
https://github.com/rapid7/metasploitable3.git
synced 2024-07-04 18:55:48 +02:00
65 lines
1.7 KiB
PHP
65 lines
1.7 KiB
PHP
<?php
|
|
|
|
$conn = new mysqli('127.0.0.1', 'root', 'sploitme', 'payroll');
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
?>
|
|
|
|
<?php
|
|
if (!isset($_POST['s'])) {
|
|
?>
|
|
<center>
|
|
<form action="" method="post">
|
|
<h2>Payroll Login</h2>
|
|
<table style="border-radius: 25px; border: 2px solid black; padding: 20px;">
|
|
<tr>
|
|
<td>User</td>
|
|
<td><input type="text" name="user"></td>
|
|
</tr>
|
|
<tr>
|
|
<td>Password</td>
|
|
<td><input type="password" name="password"></td>
|
|
</tr>
|
|
<tr>
|
|
<td><input type="submit" value="OK" name="s">
|
|
</tr>
|
|
</table>
|
|
</form>
|
|
</center>
|
|
<?php
|
|
}
|
|
?>
|
|
|
|
<?php
|
|
if($_POST['s']){
|
|
$user = $_POST['user'];
|
|
$pass = $_POST['password'];
|
|
$sql = "select username, first_name, last_name, salary from users where username = '$user' and password = '$pass'";
|
|
|
|
if ($conn->multi_query($sql)) {
|
|
do {
|
|
/* store first result set */
|
|
echo "<center>";
|
|
echo "<h2>Welcome, " . $user . "</h2><br>";
|
|
echo "<table style='border-radius: 25px; border: 2px solid black;' cellspacing=30>";
|
|
echo "<tr><th>Username</th><th>First Name</th><th>Last Name</th><th>Salary</th></tr>";
|
|
if ($result = $conn->store_result()) {
|
|
while ($row = $result->fetch_assoc()) {
|
|
$keys = array_keys($row);
|
|
echo "<tr>";
|
|
foreach ($keys as $key) {
|
|
echo "<td>" . $row[$key] . "</td>";
|
|
}
|
|
echo "</tr>\n";
|
|
}
|
|
$result->free();
|
|
}
|
|
if (!$conn->more_results()) {
|
|
echo "</table></center>";
|
|
}
|
|
} while ($conn->next_result());
|
|
}
|
|
}
|
|
?>
|