<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Dead or alive 6</title>
<!-- Third-party stylesheet pinned with Subresource Integrity: the browser rejects the file if its hash
     does not match the integrity value, so the hash has to be updated together with the version in the URL. -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css"
integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<style>
/* Extra left spacing for Bootstrap buttons. */
.btn{
margin-left: 10px;
}
</style>
</head>
<body>
<?php
// Training-lab bootstrap: loads the project's debug/anticheat helper and opens the database connection.
// NOTE(review): the helper file is not visible here; it presumably defines debug_mysql_query(), which the
// request handler further down calls. Confirm against that file.
include "sql_and_php_debug_with_anticheat.php";
// The mysql_* extension was deprecated in PHP 5.5 and removed in PHP 7.0; outside a legacy lab use mysqli or PDO.
// Credentials are hard-coded, and user name, password and database name are the same string. In anything
// other than a throwaway exercise, load them from configuration kept out of the source tree.
// Least privilege: this page only reads the `age` table, while the page text says the flag is stored in a
// separate `flag` table. A database account limited to SELECT on `age` would contain a query-injection flaw.
// The return values are not checked, so a failed connection or database selection goes unnoticed here.
mysql_connect("localhost", "bypass6", "bypass6");
mysql_select_db("bypass6");
?>
<div style="width: 65%; padding: 2rem; box-sizing: border-box;">
<h2>Find out how many years you have left to live</h2>
<p>Flag is in table <code>flag</code> in column <code>flag</code>.</p>
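<!-- Lookup form: submits the age as a GET parameter to this same page. -->
<form action="" method="get" id="form">
<!-- The label's "for" attribute has to match the input's id so assistive technology associates the two. -->
<label for="age">Age</label>
<div class="form-group">
<!-- "required" is a client-side convenience only; the server still has to validate the submitted value. -->
<input type="text" name="age" id="age" class="form-control" required>
<!-- NOTE(review): sig_age is sent empty unless a script fills it in, and nothing visible on this page does.
     Presumably the included anticheat helper uses it; confirm. -->
<input type="hidden" name="sig_age" id="sig_age">
</div>
<button type="submit" class="btn btn-primary">Get</button>
</form>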
<?php
// Request handler for the lookup form.
// This page is a deliberately vulnerable SQL-injection exercise (the page text tells the player where the
// flag is stored). It is a teaching example of a failing control and must not be reused as a template.
$age = "";
if (isset($_GET['age'])) {
// Untrusted input, taken directly from the query string.
$age = $_GET['age'];
// Deny-list filter. The request is rejected when the value contains any character outside letters, digits,
// space, single quote, parentheses and asterisk, or contains the exact string "SELECT" or "select".
// The keyword checks are case-sensitive, whereas SQL keywords are not, and the allowed character set still
// includes SQL syntax characters. A deny-list of this kind cannot make a string-built query safe.
if (preg_match("/[^a-zA-Z0-9 '()*]+/", $age) || preg_match("/SELECT/", $age) || preg_match("/select/", $age)) {
echo '<div class="mt-5 alert alert-danger">Your request was banned.</div>';
// A false result makes the rendering code below fall through to the "No records were found." branch.
$result = false;
} else {
// $age is interpolated into the statement unquoted and without any numeric check.
// Mitigation: accept only an integer (for example via ctype_digit() or an (int) cast) and bind it as a
// parameter of a prepared statement (mysqli or PDO) instead of concatenating it into the SQL text.
// debug_mysql_query() is not defined in this file; presumably it comes from the included helper.
$result = debug_mysql_query("SELECT * FROM age WHERE age=$age");
}
?>
<div class="card" style="margin-top: 20px; margin-bottom: 20px;">
<div class="card-body">
<h2 class="pull-left">Data</h2>
</div>
</div>
<?php
// Only the first row of the result set is fetched and rendered.
if ($result && $row = mysql_fetch_assoc($result)) {
echo "<table class='table table-bordered table-striped'>";
echo "<thead>";
echo "<tr>";
echo "<th>Current age</th>";
echo "<th>Years left</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody>";
echo "<tr>";
// Column values are written into the HTML without escaping. Wrap them in htmlspecialchars() so that
// whatever the query returns is rendered as text rather than markup.
echo "<td>" . $row['age'] . "</td>";
echo "<td>" . $row['death'] . "</td>";
echo "</tr>";
echo "</tbody>";
echo "</table>";
} else {
echo "<p class='lead'><em>No records were found.</em></p>";
}
}
?>
</div>
</body>
</html>
Flag is in table flag
in column flag
.