Add files via upload

Jeff-Cycode-Test-Org · Sep 4, 2024 · 9384603 · 9384603
1 parent d6319fe
commit 9384603
Showing 1 changed file with 57 additions and 0 deletions.
diff --git a/low.php b/low.php
@@ -0,0 +1,57 @@
+<?php
+
+if( isset( $_GET[ 'Submit' ] ) ) {
+	// Get input
+	$id = $_GET[ 'id' ];
+	$exists = false;
+
+	switch ($_DVWA['SQLI_DB']) {
+		case MYSQL:
+			// Check database
+			$query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
+			try {
+				$result = mysqli_query($GLOBALS["___mysqli_ston"],  $query ); // Removed 'or die' to suppress mysql errors
+			} catch (Exception $e) {
+				print "There was an error.";
+				exit;
+			}
+
+			$exists = false;
+			if ($result !== false) {
+				try {
+					$exists = (mysqli_num_rows( $result ) > 0);
+				} catch(Exception $e) {
+					$exists = false;
+				}
+			}
+			((is_null($___mysqli_res = mysqli_close($GLOBALS["___mysqli_ston"]))) ? false : $___mysqli_res);
+			break;
+		case SQLITE:
+			global $sqlite_db_connection;
+
+			$query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
+			try {
+				$results = $sqlite_db_connection->query($query);
+				$row = $results->fetchArray();
+				$exists = $row !== false;
+			} catch(Exception $e) {
+				$exists = false;
+			}
+
+			break;
+	}
+
+	if ($exists) {
+		// Feedback for end user
+		$html .= '<pre>User ID exists in the database.</pre>';
+	} else {
+		// User wasn't found, so the page wasn't!
+		header( $_SERVER[ 'SERVER_PROTOCOL' ] . ' 404 Not Found' );
+
+		// Feedback for end user
+		$html .= '<pre>User ID is MISSING from the database.</pre>';
+	}
+
+}
+
+?>