Username: 
Password: 
Restrict session to IP 
Questions  |  score: 6  |  5.65 7.17 8.65 |  Solved By 60 People  |  110780 views  |  since Sep 02, 2009 - 22:28:42

Credit Card Challenge Pwned! (MySQL, Exploit)

GeSHi`ed php code for query.include
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
<html>
<body>
<form action="query.php" method="get">
Please enter the ID here:
<INPUT TYPE="text" size=200 NAME="id"><INPUT TYPE="submit" VALUE="submit" name="submit">
</form>
 
<?php
if (isset($_GET['id'])){   
mysql_connect("localhost", "www-user2", "secure_password12") or
die(mysql_error());
    mysql_select_db("test") or die(mysql_error());
    $id = $_GET['id'];    $query= "SELECT name FROM not_important_table WHERE id=".$id."";
 
    $result = mysql_query($query)
    or die(mysql_error());
           while($row=mysql_fetch_array($result)) {       echo $row['name'].'<br/>';
   }
}
?>
</body></html>
Your solution for Credit Card Challenge Pwned!
Answer
Many Thanks to mego and Vampire for their effort in BetaTesting.
© 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by Z