From c9ef101708d5e8ea3237c8553c7abd6a1886254e Mon Sep 17 00:00:00 2001
From: ShinDarth <borzifrancesco@gmail.com>
Date: Sun, 30 Mar 2014 13:06:09 +0200
Subject: [PATCH] Vulnerabilities explained in pages

---
 README.md                           |  6 ++----
 books1.php                          | 17 +++++++++++++++++
 database_struct.sql => database.sql |  0
 login1.php                          | 17 +++++++++++++++++
 login3.php                          | 17 +++++++++++++++++
 5 files changed, 53 insertions(+), 4 deletions(-)
 rename database_struct.sql => database.sql (100%)

diff --git a/README.md b/README.md
index f71c045..353d1bb 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,6 @@ This is a demonstration about SQL-Injection for an universitary project, you can
 
 http://sqlidemo.altervista.org
 
-- Legal login: <strong>admin</strong> Password: <strong>pwd1</strong>
+- All vulnerabilities are explained in vulnerable pages
 
-- Vulnerable page <strong>login1.php</strong> can be violated by passing <strong>' OR '1'='1</strong> as password.
-
-- Vulnerable page <strong>books1.php</strong> can be used to get all user table content by passing <strong>' UNION SELECT * FROM users WHERE '1'='1</strong> as author.
\ No newline at end of file
+- Database content is available in 'database.sql' file
\ No newline at end of file
diff --git a/books1.php b/books1.php
index 0a9dc2c..229f11e 100644
--- a/books1.php
+++ b/books1.php
@@ -148,6 +148,23 @@
         </div>
       </div>
       
+       <hr>
+      <div class="row">
+        <div class="col-sm-12">
+          <h4>Vulnerability:</h4>
+        </div>
+      </div>
+      
+      <div class="row">
+        <div class="col-sm-12">
+          <div class="highlight">
+            <pre>
+Pass <strong>' UNION SELECT * FROM users WHERE '1'='1</strong> as author to get all users data.
+            </pre>
+          </div>
+        </div>
+      </div>
+      
       <br>
       <div class="footer">
         <p></p>Francesco Borzì - Computer Security Project</p>
diff --git a/database_struct.sql b/database.sql
similarity index 100%
rename from database_struct.sql
rename to database.sql
diff --git a/login1.php b/login1.php
index 58b23b8..bd89f7b 100644
--- a/login1.php
+++ b/login1.php
@@ -162,6 +162,23 @@
         </div>
       </div>
       
+      <hr>
+      <div class="row">
+        <div class="col-sm-12">
+          <h4>Vulnerability:</h4>
+        </div>
+      </div>
+      
+      <div class="row">
+        <div class="col-sm-12">
+          <div class="highlight">
+            <pre>
+Pass <strong>1' OR '1'='1</strong> as password to get authenticated.
+            </pre>
+          </div>
+        </div>
+      </div>
+      
       <br>
       <div class="footer">
         <p></p>Francesco Borzì - Computer Security Project</p>
diff --git a/login3.php b/login3.php
index fa6b0eb..3b3bf79 100644
--- a/login3.php
+++ b/login3.php
@@ -162,6 +162,23 @@
         </div>
       </div>
       
+      <hr>
+      <div class="row">
+        <div class="col-sm-12">
+          <h4>Vulnerability:</h4>
+        </div>
+      </div>
+      
+      <div class="row">
+        <div class="col-sm-12">
+          <div class="highlight">
+            <pre>
+Pass <strong>1 OR 1=1</strong> as PIN to get authenticated.
+            </pre>
+          </div>
+        </div>
+      </div>
+      
       <br>
       <div class="footer">
         <p></p>Francesco Borzì - Computer Security Project</p>