forked from Audi-1/sqli-labs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding new modules 29,30,31,32 on WAF bypass
- Loading branch information
Showing
11 changed files
with
256 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | ||
<html xmlns="http://www.w3.org/1999/xhtml"> | ||
<head> | ||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | ||
<title>Less-29 Protection with WAF</title> | ||
</head> | ||
|
||
<body bgcolor="#000000"> | ||
<div style=" margin-top:70px;color:#FFF; font-size:40px; text-align:center">Welcome <font color="#FF0000"> Dhakkan </font><br> | ||
<font size="3" color="#FFFF00"> | ||
|
||
|
||
<?php | ||
//including the Mysql connect parameters. | ||
include("../sql-connections/sql-connect.php"); | ||
//disable error reporting | ||
error_reporting(0); | ||
|
||
// take the variables | ||
if(isset($_GET['id'])) | ||
{ | ||
$id=$_GET['id']; | ||
//logging the connection parameters to a file for analysis. | ||
$fp=fopen('result.txt','a'); | ||
fwrite($fp,'ID:'.$id."\n"); | ||
fclose($fp); | ||
|
||
$qs = $_SERVER['QUERY_STRING']; | ||
$hint=$qs; | ||
|
||
// connectivity | ||
$sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1"; | ||
$result=mysql_query($sql); | ||
$row = mysql_fetch_array($result); | ||
if($row) | ||
{ | ||
echo "<font size='5' color= '#99FF00'>"; | ||
echo 'Your Login name:'. $row['username']; | ||
echo "<br>"; | ||
echo 'Your Password:' .$row['password']; | ||
echo "</font>"; | ||
} | ||
else | ||
{ | ||
echo '<font color= "#FFFF00">'; | ||
print_r(mysql_error()); | ||
echo "</font>"; | ||
} | ||
} | ||
else { echo "Please input the ID as parameter with numeric value";} | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
?> | ||
</font> </div></br></br></br><center> | ||
<img src="../images/Less-29.jpg" /> | ||
</br> | ||
</br> | ||
</br> | ||
<img src="../images/Less-29-1.jpg" /> | ||
</br> | ||
</br> | ||
<font size='4' color= "#33FFFF"> | ||
<?php | ||
echo "Hint: The Query String you input is: ".$hint; | ||
?> | ||
</font> | ||
</center> | ||
</body> | ||
</html> | ||
|
||
|
||
|
||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | ||
<html xmlns="http://www.w3.org/1999/xhtml"> | ||
<head> | ||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | ||
<title>Less-30</title> | ||
</head> | ||
|
||
<body bgcolor="#000000"> | ||
<div style=" margin-top:70px;color:#FFF; font-size:40px; text-align:center">Welcome <font color="#FF0000"> Dhakkan </font><br> | ||
<font size="3" color="#FFFF00"> | ||
|
||
|
||
<?php | ||
//including the Mysql connect parameters. | ||
include("../sql-connections/sql-connect.php"); | ||
|
||
//disable error reporting | ||
error_reporting(0); | ||
|
||
// take the variables | ||
if(isset($_GET['id'])) | ||
{ | ||
$id=$_GET['id']; | ||
//logging the connection parameters to a file for analysis. | ||
$fp=fopen('result.txt','a'); | ||
fwrite($fp,'ID:'.$id."\n"); | ||
fclose($fp); | ||
|
||
$qs = $_SERVER['QUERY_STRING']; | ||
$hint=$qs; | ||
$id = '"' .$id. '"'; | ||
|
||
// connectivity | ||
$sql="SELECT * FROM users WHERE id=$id LIMIT 0,1"; | ||
$result=mysql_query($sql); | ||
$row = mysql_fetch_array($result); | ||
if($row) | ||
{ | ||
echo "<font size='5' color= '#99FF00'>"; | ||
echo 'Your Login name:'. $row['username']; | ||
echo "<br>"; | ||
echo 'Your Password:' .$row['password']; | ||
echo "</font>"; | ||
} | ||
else | ||
{ | ||
echo '<font color= "#FFFF00">'; | ||
//print_r(mysql_error()); | ||
echo "</font>"; | ||
} | ||
} | ||
else { echo "Please input the ID as parameter with numeric value";} | ||
|
||
|
||
|
||
?> | ||
</font> </div></br></br></br><center> | ||
<img src="../images/Less-30.jpg" /> | ||
</br> | ||
</br> | ||
</br> | ||
<img src="../images/Less-30-1.jpg" /> | ||
</br> | ||
</br> | ||
<font size='4' color= "#33FFFF"> | ||
<?php | ||
echo "Hint: The Query String you input is: ".$hint; | ||
?> | ||
</font> | ||
</center> | ||
</body> | ||
</html> | ||
|
||
|
||
|
||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | ||
<html xmlns="http://www.w3.org/1999/xhtml"> | ||
<head> | ||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | ||
<title>Less-31 FUN with WAF</title> | ||
</head> | ||
|
||
<body bgcolor="#000000"> | ||
<div style=" margin-top:70px;color:#FFF; font-size:40px; text-align:center">Welcome <font color="#FF0000"> Dhakkan </font><br> | ||
<font size="3" color="#FFFF00"> | ||
|
||
|
||
<?php | ||
//including the Mysql connect parameters. | ||
include("../sql-connections/sql-connect.php"); | ||
|
||
// take the variables | ||
if(isset($_GET['id'])) | ||
{ | ||
$id=$_GET['id']; | ||
//logging the connection parameters to a file for analysis. | ||
$fp=fopen('result.txt','a'); | ||
fwrite($fp,'ID:'.$id."\n"); | ||
fclose($fp); | ||
|
||
$qs = $_SERVER['QUERY_STRING']; | ||
$hint=$qs; | ||
$id = '"'.$id.'"'; | ||
|
||
// connectivity | ||
$sql="SELECT * FROM users WHERE id= ($id) LIMIT 0,1"; | ||
$result=mysql_query($sql); | ||
$row = mysql_fetch_array($result); | ||
if($row) | ||
{ | ||
echo "<font size='5' color= '#99FF00'>"; | ||
echo 'Your Login name:'. $row['username']; | ||
echo "<br>"; | ||
echo 'Your Password:' .$row['password']; | ||
echo "</font>"; | ||
} | ||
else | ||
{ | ||
echo '<font color= "#FFFF00">'; | ||
print_r(mysql_error()); | ||
echo "</font>"; | ||
} | ||
} | ||
else { echo "Please input the ID as parameter with numeric value";} | ||
|
||
|
||
|
||
|
||
|
||
|
||
?> | ||
</font> </div></br></br></br><center> | ||
<img src="../images/Less-31.jpg" /> | ||
</br> | ||
</br> | ||
</br> | ||
<img src="../images/Less-31-1.jpg" /> | ||
</br> | ||
</br> | ||
<font size='4' color= "#33FFFF"> | ||
<?php | ||
echo "Hint: The Query String you input is: ".$hint; | ||
?> | ||
</font> | ||
</center> | ||
</body> | ||
</html> | ||
|
||
|
||
|
||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.