PHP code
<head><meta charset="utf-8" /><style>input { font-family: monospace; font-size: 36px; }</style></head>
<?php
include "sql_and_php_debug_with_anticheat.php";
mysql_connect("localhost", "calc", "calc");
mysql_select_db("calc");
?>
<h1>SQL calc</h1>
Looks like they implemented a calculator in a strange way.<br/>And we don't know the table where flag is.<br/>(how to use <code>information_schema</code>?)<p/>
<?php
if (!isset($_GET['equ'])) {
$result = 0;
} elseif (preg_match('/\'|"|--|#|\/\*/s', $_GET['equ'])) {
echo "Hacking attempt! Denied.";
$result = "ERR";
} else {
$res = debug_mysql_query("SELECT (" . $_GET['equ'] . ")");
$row = mysql_fetch_row($res);
$result = $row[0];
}
?>
<h2>Calculator:</h2>
<form method="GET" id="form">
Expression to calculate: <input type="text" name="equ" id="equ" size=20 value="<?php echo isset($_GET['equ']) ? htmlspecialchars($_GET['equ']) : "2 + 2 * 2"; ?>" />
<input type="submit" value="=" />
<input type="text" size=3 value="<?php echo $result; ?>" />
<input type="hidden" name="sig_equ" id="sig_equ" />
</form>