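connect_errno) {
                // NOTE(review): the start of this file (the opening of this condition, the
                // creation of $bdd and $state, and the three enclosing `if` blocks closed at
                // the bottom) is not visible here and is left untouched.
                //
                // Connection failure: answer with a generic JSON error. The driver's error
                // number and message are deliberately not sent to the client.
                $state->return = 'error';
                $state->string = 'Connection error';
                $state_json = json_encode($state);
                echo $state_json;
                // Stop here: without a usable connection the lookup below cannot work, and
                // falling through would emit a second JSON document at the end of the script.
                exit;
            }

            // Only this account may reach the admin board.
            $real_user = "puppet-master";
            $user = $_POST['username'];
            $password = $_POST['password'];

            $num_row = 0;
            $row = null;

            // Request fields can arrive as arrays (username[]=...); hash() and the bound
            // parameters need strings, so anything else is handled as a failed login.
            if (is_string($user) && is_string($password)) {
                // NOTE(review): credentials are matched against a bare, unsalted SHA-256 digest.
                // Storing password_hash() output and checking it with password_verify() would
                // resist offline guessing, but that needs a change to what the access table holds.
                $pass = hash("sha256", $password);

                // Security: the request values are bound as parameters and never concatenated
                // into the SQL text. Built by concatenation, a quote in `username` could rewrite
                // the WHERE clause and return the privileged row without its password.
                $stmt = mysqli_prepare($bdd, "SELECT user,password FROM access WHERE user=? AND password=?");
                if ($stmt !== false) {
                    mysqli_stmt_bind_param($stmt, 'ss', $user, $pass);
                    if (mysqli_stmt_execute($stmt)) {
                        // mysqli_stmt_get_result() needs the mysqlnd driver.
                        $res = mysqli_stmt_get_result($stmt);
                        if ($res !== false) {
                            $num_row = mysqli_num_rows($res);
                            $row = mysqli_fetch_assoc($res);
                        }
                    }
                    mysqli_stmt_close($stmt);
                }
                // Any failure above leaves $num_row at 0, so the request ends in 'Access Denied'.
            }

            if ($user === "admin") {
                // The literal "admin" login is refused whatever the query returned.
                $state->return = 'false';
                $state->string = 'admin is desactivated. Use your login.';
            } elseif ($num_row === 1 && $row['user'] === $real_user) {
                // Exactly one row matched both bound values and it is the privileged account.
                // NOTE(review): the success text, including the challenge flag, is embedded in
                // this source file, so anyone who can read the file can read it.
                $state->return = 'true';
                $html_login = "Welcome to your admin board " . $row['user']
                    . "\n\nAn error occurred while connecting to your implant"
                    . "\n[Zetatech Neural Processor MK.II]."
                    . "\n\nPlease approach a Zetatech center for an analysis."
                    . "\n\nIMTLD{w3b_1nT3rf4ceS_4r3_3v1L}";
                $state->string = $html_login;
            } else {
                $state->return = 'false';
                $state->string = 'Access Denied';
            }
        } else {
            $state->return = 'password';
            $state->string = 'Password Missing';
        }
    } else {
        $state->return = 'username';
        $state->string = 'Username Missing';
    }

    // Single JSON response for every outcome of a submitted form.
    $state_json = json_encode($state);
    echo $state_json;
} else {
    // DEBUG
    $state->return = 'form';
    $state->string = 'Submit form';
    $state_json = json_encode($state);
    echo $state_json;
}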