PHP code
<?php
// Bootstrap: load the debug helpers and open the database connection that the
// rest of the page relies on.
// debug_mysql_query(), called further down, is presumably defined in this
// include (file not shown here).
include "sql_and_php_debug.php";
// Legacy mysql_* extension: deprecated in PHP 5.5 and removed in PHP 7.0, so
// this script only runs on PHP 5.x. The API has no prepared statements, which
// is why every query on this page is built as a plain string.
// Host, user and password are hard-coded, and the password equals the user name.
// The return value is not checked, so a failed connection only surfaces later
// as warnings from the query functions.
mysql_connect("localhost", "bypass3", "bypass3");
// NOTE(review): the exercise text says the flag lives in a separate table of
// this database. An application account limited to SELECT on products would
// contain the impact of an injection; confirm the grants of this account.
mysql_select_db("bypass3");
?>
<h1>Shop List</h1>
Try to get <code>flag</code> from table <code>flag</code> through an SQL-injection (SQLMap is available here)<br/>(' is banned, " is banned, -- is banned, # is banned, /* is banned)
<?php
// Routing: without a product_id query parameter the page lists all products,
// with one it shows the description of a single product.
if (!isset($_GET['product_id'])) {
?>
<h2>Our products:</h2>
<?php
// Static query text; no request data reaches the database on this branch.
$res = debug_mysql_query("SELECT id, label FROM products");
// mysql_fetch_assoc() returns false once the result set is exhausted, which
// ends the loop.
// NOTE(review): id and label are written into HTML and into the href without
// htmlspecialchars()/urlencode(). That is harmless only while the products
// table holds trusted content; confirm who can write to it.
while ($row = mysql_fetch_assoc($res)) {
echo "$row[id] — <a href='?product_id=$row[id]'>$row[label]</a><p/>";
}
} else {
?>
<h2>Product description</h2>
<a href='?'>« back</a><p/>
<?php
// Deny-list filter: the request is rejected when product_id contains a single
// quote, a double quote, a double dash, a hash sign or the opening of a C-style
// block comment.
// This is the weakness the exercise is built around. The value is used below in
// a numeric position, not inside a quoted SQL string, so the shape of the query
// can be changed without any of the banned tokens. Banning a few characters is
// not input validation; the check never establishes that the value is a number.
// NOTE(review): $_GET['product_id'] may also arrive as an array
// (product_id[]=...). On PHP 5 preg_match() then warns and returns false, so
// control falls through to the query branch with a non-string value.
if (preg_match('/\'|"|--|#|\/\*/s', $_GET['product_id'])) {
echo "Hacking attempt! Denied.";
} else {
// Request data is concatenated straight into the SQL text.
// Outside a deliberately vulnerable lab the fix is an allow-list: accept only
// digits (ctype_digit() or an (int) cast) and bind the value through a
// prepared statement (mysqli or PDO), instead of filtering "bad" characters.
$res = debug_mysql_query("SELECT * FROM products WHERE id = " . $_GET['product_id']);
// Only the first row is read, and there is no check that the query succeeded
// or that a row was found; an unknown id renders an empty heading.
$row = mysql_fetch_assoc($res);
// label and description are echoed without htmlspecialchars(). Because the
// query above can be influenced by the request, whatever it returns ends up in
// the page unescaped.
echo "<h3>$row[label]</h3><p/>$row[description]";
}
}