<?php
// Bootstrap for the search page: pulls in the debug/anticheat helper file and
// opens the database connection used by the query further down.
// `include` only warns if the file is missing, so the script keeps running.
include "sql_and_php_debug_with_anticheat.php";
// NOTE(review): the database password is a literal in the source, so anyone who
// can read this file can read the credential. Outside a training level it
// belongs in configuration kept out of the web root and out of version control.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; PDO and mysqli are
// the maintained replacements and support bound parameters.
// The return values of mysql_connect() and mysql_select_db() are not checked,
// so a failed connection only surfaces later, when the query runs.
// NOTE(review): the privileges of the "level31" account are not visible here.
// Confirm it is limited to the tables this page needs (least privilege).
mysql_connect("localhost", "level31", "P/l3ubWB4ThP8k5Uo2Fuiw==");
mysql_select_db("level31");
?>
<h1>Complex Shop Search</h1>
Try to get field "flag" of table "flag" from the database by SQL injection by hand<br/>(what query is executed? you have the script on the right)
<?php
// Page controller: with no search text the form is rendered, otherwise the
// search runs and the matching products are printed.
// empty() is also true for the string "0", so a search for "0" shows the form.
// In the form branch the text box is prefilled with the HTML-escaped request
// value when the parameter is present, or with "a" when it is absent.
// NOTE(review): the hidden "sig_query" field is emitted without a value and is
// never read in this file. Presumably the included anticheat helper or
// client-side script uses it; confirm.
if (empty($_GET['query'])) {
?>
<h2>Enter search text:</h2>
<form method="GET" id="form">Find: <input type="text" name="query" id="query" size=60 value="<?php echo isset($_GET['query']) ? htmlspecialchars($_GET['query']) : "a"; ?>" /> <input type="submit" value="Find »" />
<input type="hidden" name="sig_query" id="sig_query" /></form>
<?php
} else {
// Search branch: everything below runs with a non-empty, request-supplied value.
?>
<h2>Search results</h2>
<a href='?'>« back</a><p/>
<?php
// The raw request value is used as-is; this file applies no validation,
// escaping, or length limit before it reaches the SQL text.
$query = $_GET['query'];
// SECURITY (deliberate in this training level, per the page text): the same
// untrusted value is concatenated into four quoted SQL literals, two LIKE
// patterns and two REGEXP patterns. The request therefore controls the
// statement's structure, not just its data (SQL injection, CWE-89).
// Remedy in real code: a prepared statement with the search text bound as a
// parameter (PDO or mysqli), LIKE wildcards escaped, and the REGEXP branch
// removed or restricted, since it also hands the caller a pattern language.
// debug_mysql_query() is not defined in this file (presumably it comes from the
// include at the top); any filtering it performs cannot be seen from here.
$res = debug_mysql_query("SELECT * FROM products WHERE ((label LIKE '%" . $query . "%') OR (label REGEXP '" . $query . "')) OR ((description LIKE '%" . $query . "%') OR (description REGEXP '" . $query . "'))");
if (!$res) {
// SECURITY: the driver's error text is sent to the browser verbatim and without
// htmlspecialchars(). That discloses query details to the client. Production
// code should log the error server-side and show a generic message.
echo "<big style='color: #c00000; display: block; width: 60%'><b>MySQL error:</b> " . mysql_error() . "</big><br/><br/>";
} else {
// Print every returned row as a heading (label) plus body text (description).
while ($row = mysql_fetch_assoc($res)) {
// SECURITY: both column values are interpolated into HTML without
// htmlspecialchars(), so any markup in the result rows is rendered by the
// browser (XSS, CWE-79). Whatever the query returns is shown as-is.
echo "<h3>$row[label]</h3><p/>$row[description]<br/><br/>";
}
}
}