Skip to content
Find file
Fetching contributors…
Cannot retrieve contributors at this time
103 lines (79 sloc) 2.7 KB
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Less-14- Double Injection- Double quotes- String</title>
<body bgcolor="#000000">
<div style=" margin-top:20px;color:#FFF; font-size:24px; text-align:center"> Welcome&nbsp;&nbsp;<font color="#FF0000"> Dhakkan </font><br></div>
<div align="center" style="margin:40px 0px 0px 520px;border:20px; background-color:#0CF; text-align:center; width:400px; height:150px;">
<div style="padding-top:10px; font-size:15px;">
<!--Form to post the data for sql injections Error based SQL Injection-->
<form action="" name="form1" method="post">
<div style="margin-top:15px; height:30px;">Username : &nbsp;&nbsp;&nbsp;
<input type="text" name="uname" value=""/>
<div> Password : &nbsp;&nbsp;&nbsp;
<input type="text" name="passwd" value=""/>
<div style=" margin-top:9px;margin-left:90px;">
<input type="submit" name="submit" value="Submit" />
<div style=" margin-top:10px;color:#FFF; font-size:23px; text-align:center">
<font size="6" color="#FFFF00">
//including the Mysql connect parameters.
// take the variables
if(isset($_POST['uname']) && isset($_POST['passwd']))
//logging the connection parameters to a file for analysis.
fwrite($fp,'User Name:'.$uname."\n");
// connectivity
@$sql="SELECT username, password FROM users WHERE username=$uname and password=$passwd LIMIT 0,1";
$row = mysql_fetch_array($result);
//echo '<font color= "#0000ff">';
echo "<br>";
echo '<font color= "#FFFF00" font size = 4>';
//echo " You Have successfully logged in " ;
echo '<font size="3" color="#0000ff">';
echo "<br>";
//echo 'Your Login name:'. $row['username'];
//echo "<br>";
//echo 'Your Password:' .$row['password'];
//echo "<br>";
echo "</font>";
echo "<br>";
echo "<br>";
echo '<img src="../images/flag.jpg" />';
echo "</font>";
echo '<font color= "#0000ff" font size="3">';
//echo "Try again looser";
echo "</br>";
echo "</br>";
echo "</br>";
echo '<img src="../images/slap.jpg" />';
echo "</font>";
Jump to Line
Something went wrong with that request. Please try again.