Register PDO. by Anja
#1

 

 
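<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Last Chaos</title>
</head>
<body>
<?php
// Account registration page.
// GET (or an incomplete POST) renders the form; a complete POST validates the
// three fields, checks that the login is free and inserts a row into bg_user.

// Connection defaults.
// NOTE(review): config.php is included further down and presumably overrides
// these; confirm. Connecting as root with an empty password should not reach a
// live deployment; use a dedicated account limited to SELECT/INSERT on bg_user.
$host = '127.0.0.1';
$pass = '';
$auth = 'engine';
$user = 'root';

// Site-wide salt mixed into both stored digests.
// NOTE(review): this value is published together with the script, so it is not
// secret. A deployment should set its own private value (e.g. in config.php)
// before the first account is created; changing it later invalidates every
// stored digest.
$salt = "phoohie1yaihooyaequae7PuiWoeNgahjieth3ru3yeeghaepahb7aeYaipe2we6zii6mai6uweig8siasheinoungeoyeiLohShi2xoh2xi8ooxee9ahpiehahc9Phe";

if (isset($_POST['user'], $_POST['passwd'], $_POST['email'])) {
    include 'config.php';

    $login    = $_POST['user'];
    $password = $_POST['passwd'];
    $email    = $_POST['email'];

    // The maxlength attributes on the form are only a browser-side hint, so the
    // same limits (20/20/50 characters) are enforced here. is_string() rejects
    // array-valued parameters such as user[]=x; the /u modifier also rejects
    // input that is not valid UTF-8.
    $valid = is_string($login) && is_string($password) && is_string($email)
        && preg_match('/\A.{1,20}\z/su', $login) === 1
        && preg_match('/\A.{1,20}\z/su', $password) === 1
        && preg_match('/\A.{1,50}\z/su', $email) === 1
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

    if (!$valid) {
        echo '<script>alert("Invalid input.");location.href="";</script>';
    } else {
        // Normalise once so the availability check, the stored user_id and both
        // digests all use the same spelling of the login.
        $login = strtolower($login);

        try {
            $DBH = new PDO(
                "mysql:host=$host;dbname=$auth;charset=utf8",
                $user,
                $pass,
                array(
                    PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8",
                    // Surface failures instead of continuing after a failed query.
                    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                    // Bind parameters server-side rather than by client-side quoting.
                    PDO::ATTR_EMULATE_PREPARES => false,
                )
            );

            $STH = $DBH->prepare('SELECT COUNT(*) FROM bg_user WHERE user_id=?');
            $STH->execute(array($login));
            $result = $STH->fetchColumn();

            if ($result == 0) {
                // NOTE(review): one pass of SHA-256 with a single shared salt is
                // cheap to brute-force if bg_user leaks. password_hash() /
                // password_verify() is the usual replacement, but the stored
                // format is kept here because whatever verifies bg_user.passwd
                // is not shown and would have to change in the same step.
                $passwdDigest = hash('sha256', $login . $salt . $password);

                // Second digest written to the `hash` column. Its purpose is not
                // shown; it is password-derived, so protect it like passwd.
                $rowDigest = hash('sha256', $login . $salt . $password . $salt . $email);

                $STH = $DBH->prepare('INSERT INTO bg_user (user_id,passwd,email,hash) values (?, ?, ?, ?)');
                $STH->execute(array($login, $passwdDigest, $email, $rowDigest));
                echo '<script>alert("Account register. Have fun..");location.href="index.php";</script>';
            } else {
                echo '<script>alert("Account use.");location.href="";</script>';
            }
        } catch (PDOException $e) {
            if ((string) $e->getCode() === '23000') {
                // Two requests for the same login can both pass the COUNT(*)
                // check; the UNIQUE key on user_id rejects the second INSERT.
                echo '<script>alert("Account use.");location.href="";</script>';
            } else {
                // Details go to the server log only, never to the browser.
                error_log('Registration failed: ' . $e->getMessage());
                echo '<script>alert("Registration failed. Please try again later.");location.href="";</script>';
            }
        }
    }
} else {
    // Legend text restored from mis-encoded characters; it reads "Registration".
    echo '<fieldset>
<legend>Регистрация</legend>
<form action="" method="post">
<input type="text" name="user" placeholder="Login" maxlength="20" required><br/>
<input type="password" name="passwd" placeholder="Password"  maxlength="20" required><br/>
<input type="email" name="email" placeholder="Email" maxlength="50" required><br/><br/>
<input type="submit" value="Register" />
</form>  </fieldset>';
}
?>
</body>
</html>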
 
 
 
 
 
 
 
 

Add a `hash` column to the bg_user table:
 
 
 
 
 
 
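-- Full definition of the bg_user account table, including the `hash` column
-- that the registration script writes.
--
-- CAUTION: the DROP TABLE below deletes every existing account. On a database
-- that already has bg_user, add only the new column instead:
--   ALTER TABLE `bg_user` ADD COLUMN `hash` varchar(255) DEFAULT NULL;
SET FOREIGN_KEY_CHECKS=0;

-- ----------------------------
-- Table structure for `bg_user`
-- ----------------------------
DROP TABLE IF EXISTS `bg_user`;
CREATE TABLE `bg_user` (
  `user_code` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `user_id` varchar(30) NOT NULL DEFAULT '0',
  -- NOTE(review): the name suggests a clear-text copy of the password. The
  -- registration script never writes it; confirm nothing else does, and drop
  -- the column if it is unused.
  `truepasswd` varchar(30) DEFAULT NULL,
  -- SHA-256 hex digest (64 characters) written by the registration script.
  `passwd` varchar(200) NOT NULL DEFAULT '0',
  `chk_tester` char(1) NOT NULL DEFAULT 'N',
  `jumin` varchar(20) DEFAULT '0',
  `chk_service` char(1) DEFAULT 'Y',
  `partner_id` char(2) NOT NULL DEFAULT 'LC',
  `active_passwd` varchar(15) NOT NULL DEFAULT '0',
  -- Zero dates are rejected when sql_mode includes NO_ZERO_DATE with strict mode.
  `active_time` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `create_date` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `email` varchar(100) DEFAULT NULL,
  `ip` varchar(20) DEFAULT NULL,
  `hashigh` smallint(6) DEFAULT NULL,
  `send` int(11) DEFAULT '0',
  -- NOTE(review): security question and answer appear to be stored as plain
  -- text; confirm, and hash the answer if it is used for account recovery.
  `question` varchar(200) DEFAULT NULL,
  `answer` varchar(200) DEFAULT NULL,
  `cash` int(11) DEFAULT '0',
  -- Second password-derived SHA-256 digest written by the registration script.
  `hash` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`user_code`),
  -- Also what stops two concurrent registrations from taking the same login.
  UNIQUE KEY `user_id` (`user_id`),
  -- NOTE(review): an index on the password digest is only useful to a query
  -- that looks accounts up by password; none is shown. Confirm it is needed.
  KEY `passwd` (`passwd`)
) ENGINE=MyISAM AUTO_INCREMENT=262710 DEFAULT CHARSET=utf8;

-- ----------------------------
-- Records of bg_user
-- ----------------------------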

#2
I'll check it.

#3
Big Grin

#4
me too 

#5
looking

#6

++++

 

Edit: SQL Injected in .3 seconds.

#7
-_-,who injected? 

#8
Thanks

#9
ok

#10
mhh i will look.


