PHP code

<?php
include "sql_and_php_debug.php";
mysql_connect("localhost""level25""5EKtbwA3mdhZG5yPuqd2qQ==");
mysql_select_db("level25");

?>
<h1>Shop Search</h1>
Try to dump the database through an SQL-injection in POST parameter (how to tell sqlmap to do that?)
<?php
if (empty($_POST['query'])) {
?>
<h2>Enter some text to search our products:</h2>
<form method="POST">Find: <input type="text" name="query" /> <input type="submit" value="Find &raquo;" /></form>
<?php
} else {
?>
<h2>Search results</h2>
<a href='?'>&laquo; back</a><p/>
<?php
  $res debug_mysql_query("SELECT * FROM products WHERE label LIKE '%$_POST[query]%' OR description LIKE '%$_POST[query]%'");
  while ($row mysql_fetch_assoc($res)) {
    echo "<h3>$row[label]</h3><p/>$row[description]<br/><br/>";
  }
}
SQL debug

Shop Search

Try to dump the database through an SQL-injection in POST parameter (how to tell sqlmap to do that?)

Enter some text to search our products:

Find: