Uploaded first base page

index.php

@@ -0,0 +1,46 @@
+<?php
+$host = "localhost";
+$db = "injection";
+$username = "root";
+$password = "root";
+
+$conn = mysqli_connect($host, $username, $password, $db);
+
+if (!$conn) {
+    die("Connessione fallita: " . mysqli_connect_error());
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+
+    // INPUT NON SANIFICATO (VULNERABILE)
+    $username = $_POST['username'];
+    $password = $_POST['password'];
+
+    // Query vulnerabile a SQL Injection
+    $sql = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'";
+
+    $result = mysqli_query($conn, $sql);
+
+    if ($result && $result->num_rows > 0) {
+        echo "Login effettuato con successo!";
+    } else {
+        echo "Credenziali non valide.";
+    }
+}
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+    <title>SQL Injection Test</title>
+</head>
+<body>
+	<h2>Login Test (Vulnerabile)</h2>
+
+	<form method="POST" action="">
+		Username: <input type="text" name="username"><br><br>
+		Password: <input type="password" name="password"><br><br>
+		<input type="submit" value="Login">
+	</form>
+</body>
+</html>