
first commit

0 parents commit 8e6458e8b7cda7f7cd32339309ae0a16e3286617 @Audi-1 committed May 19, 2012
Showing with 3,044 additions and 0 deletions.
  1. +64 −0 Less-1/index.php
  2. +1 −0 Less-1/result.txt
  3. +70 −0 Less-10/index.php
  4. +100 −0 Less-11/index.php
  5. +102 −0 Less-12/index.php
  6. +100 −0 Less-13/index.php
  7. +102 −0 Less-14/index.php
  8. +100 −0 Less-15/index.php
  9. +104 −0 Less-16/index.php
  10. +139 −0 Less-17/index.php
  11. +137 −0 Less-18/index.php
  12. +137 −0 Less-19/index.php
  13. +71 −0 Less-2/index.php
  14. +137 −0 Less-20/index.php
  15. +67 −0 Less-3/index.php
  16. +65 −0 Less-4/index.php
  17. +67 −0 Less-5/index.php
  18. +67 −0 Less-6/index.php
  19. +68 −0 Less-7/index.php
  20. +70 −0 Less-8/index.php
  21. +69 −0 Less-9/index.php
  22. +137 −0 SQL Injections.mm
  23. BIN SQL Injections.png
  24. BIN images/Less-1.jpg
  25. BIN images/Less-10.jpg
  26. BIN images/Less-2.jpg
  27. BIN images/Less-3.jpg
  28. BIN images/Less-4.jpg
  29. BIN images/Less-5.jpg
  30. BIN images/Less-6.jpg
  31. BIN images/Less-7.jpg
  32. BIN images/Less-8.jpg
  33. BIN images/Less-9.jpg
  34. BIN images/flag.jpg
  35. BIN images/flag1.jpg
  36. BIN images/slap.jpg
  37. BIN images/slap1.jpg
  38. +82 −0 index.html
  39. +76 −0 index.html_files/freemind2html.css
  40. BIN index.html_files/hide.png
  41. BIN index.html_files/icons/Mail.png
  42. BIN index.html_files/icons/attach.png
  43. BIN index.html_files/icons/back.png
  44. BIN index.html_files/icons/bell.png
  45. BIN index.html_files/icons/bookmark.png
  46. BIN index.html_files/icons/broken-line.png
  47. BIN index.html_files/icons/button_cancel.png
  48. BIN index.html_files/icons/button_ok.png
  49. BIN index.html_files/icons/calendar.png
  50. BIN index.html_files/icons/clanbomber.png
  51. BIN index.html_files/icons/clock.png
  52. BIN index.html_files/icons/closed.png
  53. BIN index.html_files/icons/desktop_new.png
  54. BIN index.html_files/icons/down.png
  55. BIN index.html_files/icons/edit.png
  56. BIN index.html_files/icons/family.png
  57. BIN index.html_files/icons/fema.png
  58. BIN index.html_files/icons/female1.png
  59. BIN index.html_files/icons/female2.png
  60. BIN index.html_files/icons/flag-black.png
  61. BIN index.html_files/icons/flag-blue.png
  62. BIN index.html_files/icons/flag-green.png
  63. BIN index.html_files/icons/flag-orange.png
  64. BIN index.html_files/icons/flag-pink.png
  65. BIN index.html_files/icons/flag-yellow.png
  66. BIN index.html_files/icons/flag.png
  67. BIN index.html_files/icons/folder.png
  68. BIN index.html_files/icons/forward.png
  69. BIN index.html_files/icons/freemind_butterfly.png
  70. BIN index.html_files/icons/full-0.png
  71. BIN index.html_files/icons/full-1.png
  72. BIN index.html_files/icons/full-2.png
  73. BIN index.html_files/icons/full-3.png
  74. BIN index.html_files/icons/full-4.png
  75. BIN index.html_files/icons/full-5.png
  76. BIN index.html_files/icons/full-6.png
  77. BIN index.html_files/icons/full-7.png
  78. BIN index.html_files/icons/full-8.png
  79. BIN index.html_files/icons/full-9.png
  80. BIN index.html_files/icons/go.png
  81. BIN index.html_files/icons/gohome.png
  82. BIN index.html_files/icons/group.png
  83. BIN index.html_files/icons/help.png
  84. BIN index.html_files/icons/hourglass.png
  85. BIN index.html_files/icons/idea.png
  86. BIN index.html_files/icons/info.png
  87. BIN index.html_files/icons/kaddressbook.png
  88. BIN index.html_files/icons/kmail.png
  89. BIN index.html_files/icons/knotify.png
  90. BIN index.html_files/icons/korn.png
  91. BIN index.html_files/icons/ksmiletris.png
  92. BIN index.html_files/icons/launch.png
  93. BIN index.html_files/icons/licq.png
  94. BIN index.html_files/icons/list.png
  95. BIN index.html_files/icons/male1.png
  96. BIN index.html_files/icons/male2.png
  97. BIN index.html_files/icons/messagebox_warning.png
  98. BIN index.html_files/icons/password.png
  99. BIN index.html_files/icons/pencil.png
  100. BIN index.html_files/icons/penguin.png
  101. BIN index.html_files/icons/prepare.png
  102. BIN index.html_files/icons/smiley-angry.png
  103. BIN index.html_files/icons/smiley-neutral.png
  104. BIN index.html_files/icons/smiley-oh.png
  105. BIN index.html_files/icons/smily_bad.png
  106. BIN index.html_files/icons/stop-sign.png
  107. BIN index.html_files/icons/stop.png
  108. BIN index.html_files/icons/up.png
  109. BIN index.html_files/icons/wizard.png
  110. BIN index.html_files/icons/xmag.png
  111. BIN index.html_files/icons/yes.png
  112. BIN index.html_files/ilink.png
  113. BIN index.html_files/image.png
  114. BIN index.html_files/leaf.png
  115. +473 −0 index.html_files/marktree.js
  116. BIN index.html_files/minus.png
  117. BIN index.html_files/plus.png
  118. BIN index.html_files/show.png
  119. +247 −0 index.html_files/treestyles.css
  120. +10 −0 sql-connections/db-creds.inc
  121. +123 −0 sql-connections/setup-db.php
  122. +21 −0 sql-connections/sql-connect.php
  123. +38 −0 sql-lab.sql
@@ -0,0 +1,64 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Less-1 **Error Based- String**</title>
+</head>
+
+<body bgcolor="#000000">
+<div style=" margin-top:70px;color:#FFF; font-size:23px; text-align:center">Welcome&nbsp;&nbsp;&nbsp;<font color="#FF0000"> Dhakkan </font><br>
+<font size="3" color="#FFFF00">
+
+
+<?php
+//including the Mysql connect parameters.
+include("../sql-connections/sql-connect.php");
+
+// take the variables
+if(isset($_GET['id']))
+{
+$id=$_GET['id'];
+//logging the connection parameters to a file for analysis.
+$fp=fopen('result.txt','a');
+fwrite($fp,'ID:'.$id."\n");
+fclose($fp);
+
+// connectivity
+
+
+$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+ if($row)
+ {
+ echo '<font color= "#0000ff">';
+ echo 'Your Login name:'. $row['username'];
+ echo "<br>";
+ echo 'Your Password:' .$row['password'];
+ echo "</font>";
+ }
+ else
+ {
+ echo '<font color= "#FFFF00">';
+ print_r(mysql_error());
+ echo "</font>";
+ }
+}
+ else { echo "Please input the ID as parameter with numeric value";}
+
+?>
+
+
+</font> </div>
+<div align="center" style="margin:60px 0px 0px 260px;border:20px;text-align:center;width:400px; height:450px;">
+<div style="padding-top:10px; font-size:19px;"><img src="../images/Less-1.jpg" /></div>
+</div>
+</body>
+</html>
+
+
+
+
+
+
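Review bot: The `$sql=` line interpolates `$_GET['id']` straight into the statement, and although the page title marks this as an error-based injection exercise, nothing in the file says the flaw is deliberate; the only comment there is `// connectivity`. I would replace that comment with `// INTENTIONALLY VULNERABLE (Less-1 exercise): $id is concatenated unescaped; do not reuse this pattern or host the lab on a reachable network`, so a reader copying from the lab cannot mistake it for working code. The same unlabelled pattern is in the Less-10, Less-11 and Less-12 hunks. Outside the exercise the equivalent lookup belongs in a prepared statement with a bound parameter.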
@@ -0,0 +1 @@
+ID:1
@@ -0,0 +1,70 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Less-10 Blind- Time based- Double Quotes- String</title>
+</head>
+
+<body bgcolor="#000000">
+<div style=" margin-top:60px;color:#FFF; font-size:23px; text-align:center">Welcome&nbsp;&nbsp;&nbsp;<font color="#FF0000"> Dhakkan </font><br>
+<font size="3" color="#FFFF00">
+
+
+<?php
+//including the Mysql connect parameters.
+include("../sql-connections/sql-connect.php");
+
+// take the variables
+if(isset($_GET['id']))
+{
+$id=$_GET['id'];
+//logging the connection parameters to a file for analysis.
+$fp=fopen('result.txt','a');
+fwrite($fp,'ID:'.$id."\n");
+fclose($fp);
+
+// connectivity
+
+$id = '"'.$id.'"';
+$sql="SELECT * FROM users WHERE id=$id LIMIT 0,1";
+$result=mysql_query($sql);
+$row = mysql_fetch_array($result);
+
+ if($row)
+ {
+ echo '<font size="5" color="#FFFF00">';
+ echo 'You are in...........';
+ echo "<br>";
+ echo "</font>";
+ }
+ else
+ {
+
+ echo '<font size="5" color="#FFFF00">';
+ echo 'You are in...........';
+ //print_r(mysql_error());
+ //echo "You have an error in your SQL syntax";
+ echo "</br></font>";
+ echo '<font color= "#0000ff" font size= 3>';
+
+ }
+}
+ else { echo "Please input the ID as parameter with numeric value";}
+
+?>
+
+
+</font> </div>
+<div align="center" style="margin:60px 0px 0px 260px;border:20px;text-align:center;width:400px; height:450px;">
+<div style="padding-top:10px; font-size:19px;"><img src="../images/Less-10.jpg" />
+</div>
+</div>
+</body>
+</html>
+
+
+
+
+
+
+
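Review bot: `mysql_fetch_array($result)` is called without checking that `mysql_query()` succeeded, which matters more in this lesson than in the others because both branches deliberately print the same `You are in...........` text and the `mysql_error()` output is commented out. When the statement fails, `$result` is `false` and `mysql_fetch_array()` raises a PHP warning; if `display_errors` is enabled (not visible from this hunk), that warning is exactly the error signal a blind exercise is meant to withhold. `$row = $result ? mysql_fetch_array($result) : false;` keeps the rendered page identical for every outcome.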
@@ -0,0 +1,100 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>Less-11- Error Based- String</title>
+</head>
+
+<body bgcolor="#000000">
+<div style=" margin-top:20px;color:#FFF; font-size:24px; text-align:center"> Welcome&nbsp;&nbsp;<font color="#FF0000"> Dhakkan </font><br></div>
+
+<div align="center" style="margin:40px 0px 0px 520px;border:20px; background-color:#0CF; text-align:center; width:400px; height:150px;">
+
+<div style="padding-top:10px; font-size:15px;">
+
+
+<!--Form to post the data for sql injections Error based SQL Injection-->
+<form action="" name="form1" method="post">
+ <div style="margin-top:15px; height:30px;">Username : &nbsp;&nbsp;&nbsp;
+ <input type="text" name="uname" value=""/>
+ </div>
+ <div> Password : &nbsp;&nbsp;&nbsp;
+ <input type="text" name="passwd" value=""/>
+ </div></br>
+ <div style=" margin-top:9px;margin-left:90px;">
+ <input type="submit" name="submit" value="Submit" />
+ </div>
+</form>
+
+</div></div>
+
+<div style=" margin-top:10px;color:#FFF; font-size:23px; text-align:center">
+<font size="6" color="#FFFF00">
+
+
+
+
+
+<?php
+//including the Mysql connect parameters.
+include("../sql-connections/sql-connect.php");
+
+
+// take the variables
+if(isset($_POST['uname']) && isset($_POST['passwd']))
+{
+ $uname=$_POST['uname'];
+ $passwd=$_POST['passwd'];
+
+ //logging the connection parameters to a file for analysis.
+ $fp=fopen('result.txt','a');
+ fwrite($fp,'User Name:'.$uname);
+ fwrite($fp,'Password:'.$passwd."\n");
+ fclose($fp);
+
+
+ // connectivity
+ @$sql="SELECT username, password FROM users WHERE username='$uname' and password='$passwd' LIMIT 0,1";
+ $result=mysql_query($sql);
+ $row = mysql_fetch_array($result);
+
+ if($row)
+ {
+ //echo '<font color= "#0000ff">';
+
+ echo "<br>";
+ echo '<font color= "#FFFF00" font size = 4>';
+ //echo " You Have successfully logged in\n\n " ;
+ echo '<font size="3" color="#0000ff">';
+ echo "<br>";
+ echo 'Your Login name:'. $row['username'];
+ echo "<br>";
+ echo 'Your Password:' .$row['password'];
+ echo "<br>";
+ echo "</font>";
+ echo "<br>";
+ echo "<br>";
+ echo '<img src="../images/flag.jpg" />';
+
+ echo "</font>";
+ }
+ else
+ {
+ echo '<font color= "#0000ff" font size="3">';
+ //echo "Try again looser";
+ print_r(mysql_error());
+ echo "</br>";
+ echo "</br>";
+ echo "</br>";
+ echo '<img src="../images/slap.jpg" />';
+ echo "</font>";
+ }
+}
+
+?>
+
+
+</font>
+</div>
+</body>
+</html>
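Review bot: The logging block writes the submitted `passwd` field to `result.txt` in clear text, and the relative path resolves against the script's working directory; the commit adds `Less-1/result.txt` next to its `index.php`, so the log presumably sits where the web server can serve it. People working through a lab may type real or reused passwords into a form like this, so I would drop the `fwrite($fp,'Password:'.$passwd."\n");` line or move the log outside the document root. The `fopen()` result is also used unchecked, and the `'User Name:'` write has no trailing `"\n"`, so the two fields run together on one log line. Less-12 has the same password write.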
@@ -0,0 +1,102 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+ <title>Less-12- Error Based- Double quotes- String</title>
+</head>
+
+<body bgcolor="#000000">
+<div style=" margin-top:20px;color:#FFF; font-size:24px; text-align:center"> Welcome&nbsp;&nbsp;<font color="#FF0000"> Dhakkan </font><br></div>
+
+<div align="center" style="margin:40px 0px 0px 520px;border:20px; background-color:#0CF; text-align:center; width:400px; height:150px;">
+
+<div style="padding-top:10px; font-size:15px;">
+
+
+<!--Form to post the data for sql injections Error based SQL Injection-->
+<form action="" name="form1" method="post">
+ <div style="margin-top:15px; height:30px;">Username : &nbsp;&nbsp;&nbsp;
+ <input type="text" name="uname" value=""/>
+ </div>
+ <div> Password : &nbsp;&nbsp;&nbsp;
+ <input type="text" name="passwd" value=""/>
+ </div></br>
+ <div style=" margin-top:9px;margin-left:90px;">
+ <input type="submit" name="submit" value="Submit" />
+ </div>
+</form>
+
+</div></div>
+
+<div style=" margin-top:10px;color:#FFF; font-size:23px; text-align:center">
+<font size="6" color="#FFFF00">
+
+
+
+
+
+<?php
+//including the Mysql connect parameters.
+include("../sql-connections/sql-connect.php");
+
+
+// take the variables
+if(isset($_POST['uname']) && isset($_POST['passwd']))
+{
+ $uname=$_POST['uname'];
+ $passwd=$_POST['passwd'];
+
+ //logging the connection parameters to a file for analysis.
+ $fp=fopen('result.txt','a');
+ fwrite($fp,'User Name:'.$uname."\n");
+ fwrite($fp,'Password:'.$passwd."\n");
+ fclose($fp);
+
+
+ // connectivity
+ $uname='"'.$uname.'"';
+ $passwd='"'.$passwd.'"';
+ @$sql="SELECT username, password FROM users WHERE username=($uname) and password=($passwd) LIMIT 0,1";
+ $result=mysql_query($sql);
+ $row = mysql_fetch_array($result);
+
+ if($row)
+ {
+ //echo '<font color= "#0000ff">';
+
+ echo "<br>";
+ echo '<font color= "#FFFF00" font size = 4>';
+ //echo " You Have successfully logged in " ;
+ echo '<font size="3" color="#0000ff">';
+ echo "<br>";
+ echo 'Your Login name:'. $row['username'];
+ echo "<br>";
+ echo 'Your Password:' .$row['password'];
+ echo "<br>";
+ echo "</font>";
+ echo "<br>";
+ echo "<br>";
+ echo '<img src="../images/flag.jpg" />';
+
+ echo "</font>";
+ }
+ else
+ {
+ echo '<font color= "#0000ff" font size="3">';
+ //echo "Try again looser";
+ print_r(mysql_error());
+ echo "</br>";
+ echo "</br>";
+ echo "</br>";
+ echo '<img src="../images/slap.jpg" />';
+ echo "</font>";
+ }
+}
+
+?>
+
+
+</font>
+</div>
+</body>
+</html>
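Review bot: The success branch echoes `$row['username']` and `$row['password']` into the page without HTML encoding, and the failure branch does the same with `mysql_error()`, whose text can include a fragment of the submitted input. Because the exercise makes the query result influenced by the request, any markup in those values is rendered by the browser, which is a second flaw (XSS) that the lesson title does not advertise. Encoding at output leaves the SQL exercise intact: `echo 'Your Login name:'. htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8');`, and likewise for the password and for `mysql_error()`. The same unencoded echoes are in the Less-1 and Less-11 hunks.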