# Fetch the sample login script and install it as an executable PHP page in the web root.
# NOTE(review): the file arrives over plain HTTP and is copied into /var/www/html with no
# checksum or review step, so whatever the server (or anything on the network path) returns
# becomes code run by Apache. Read the file before copying it, and do this on a lab host only.
$ wget http://zeus.fei.tuke.sk/bps3r/login.php.txt
$ cp login.php.txt /var/www/html/login.php
<html>
<body>
<?php
// Demo login page: on a POST carrying the 'login' field it looks the submitted
// credentials up in the `users` table; otherwise it renders the login form.
// NOTE(review): this looks like a deliberately vulnerable lab target (the query
// below is injectable) — confirm, and keep it on an isolated test host only.
if(isset($_POST['login'])) {
    // Raw request values; they are used below without validation or escaping.
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Connects as MySQL root with an empty password to the `sample` database.
    // The return value is not checked before use.
    $con = mysqli_connect('localhost','root','','sample');
    // SQL injection: both POST values are interpolated straight into the statement,
    // so input containing a quote changes the query's logic instead of being
    // compared as data. Outside a lab, use a prepared statement (mysqli_prepare +
    // mysqli_stmt_bind_param) and compare password hashes (password_verify), not
    // the plaintext column this query matches against.
    $result = mysqli_query($con, "SELECT * FROM `users` WHERE username='$username' AND password='$password'");
    // Any returned row counts as a successful login; $result is not checked for
    // failure before it is passed to mysqli_num_rows().
    if(mysqli_num_rows($result) == 0)
        echo 'Invalid username or password';
    else
        echo '<h1>Logged in</h1><p>A Secret for you....</p>';
} else {
    // No 'login' field in the request: fall through to the HTML form below.
?>
<form action="" method="post">
Username: <input type="text" name="username"/><br />
Password: <input type="password" name="password"/><br />
<input type="submit" name="login" value="Login"/>
</form>
<?php } ?>
</body>
</html>
# Open the MySQL client as root. No -p is given, so this only works when root has an
# empty password — NOTE(review): acceptable on a throwaway lab database, nowhere else.
$ mysql -u root
-- Lab fixture for the login page: a `sample` database holding one `users` table.
create database sample;
connect sample;
-- NOTE(review): the password column holds plaintext strings. That is fine for this
-- test fixture; a real schema would store a password hash instead.
create table users(username VARCHAR(100),password VARCHAR(100));
-- Two test accounts for the login form.
insert into users values('jesin','pwd');
insert into users values('alice','secret');
quit;
Note
' or true --
Warning
# Install the OWASP Core Rule Set package for mod_security.
$ yum -y install mod_security_crs
$ cd /etc/httpd/modsecurity.d
# Copy the files matching these two patterns out of activated_rules/ into modsecurity.d
# (presumably the SQL injection rule file and its data file — confirm with ls).
$ cp activated_rules/modsecurity_41* ./
$ cp activated_rules/modsecurity_crs_41_s* ./
# NOTE(review): this empties activated_rules/, so every other Core Rule Set rule is
# switched off and only the files copied above remain. That isolates one rule group for
# the test; on a real server keep the full rule set enabled.
# The leading backslash bypasses any shell alias for rm (such as an interactive `rm -i`).
$ \rm activated_rules/*
# Restart Apache so the changed rule set is loaded; afterwards, confirm in the
# mod_security audit log that the test request is actually being blocked.
$ service httpd restart