46 lines
1.1 KiB
PHP
46 lines
1.1 KiB
PHP
<?php
|
|
$host = "localhost";
|
|
$db = "injection";
|
|
$username = "root";
|
|
$password = "root";
|
|
|
|
$conn = mysqli_connect($host, $username, $password, $db);
|
|
|
|
if (!$conn) {
|
|
die("Connessione fallita: " . mysqli_connect_error());
|
|
}
|
|
|
|
if ($_SERVER["REQUEST_METHOD"] == "POST") {
|
|
|
|
// INPUT NON SANIFICATO (VULNERABILE)
|
|
$username = $_POST['username'];
|
|
$password = $_POST['password'];
|
|
|
|
// Query vulnerabile a SQL Injection
|
|
$sql = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'";
|
|
|
|
$result = mysqli_query($conn, $sql);
|
|
|
|
if ($result && $result->num_rows > 0) {
|
|
echo "Login effettuato con successo!";
|
|
} else {
|
|
echo "Credenziali non valide.";
|
|
}
|
|
}
|
|
?>
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>SQL Injection Test</title>
|
|
</head>
|
|
<body>
|
|
<h2>Login Test (Vulnerabile)</h2>
|
|
|
|
<form method="POST" action="">
|
|
Username: <input type="text" name="username"><br><br>
|
|
Password: <input type="password" name="password"><br><br>
|
|
<input type="submit" value="Login">
|
|
</form>
|
|
</body>
|
|
</html>
|