"INSERT INTO tab VALUES ('1')" "INSERT INTO tab VALUES (fcall())" "inSerT intO tab (col) VALUES ('1')" "insert into tab (col_1, col2) values ('1','2')" "insert into ta_ble values ('ab', 'ba s2')" "insert into table values ('" . $inject . "')" "insert into table values ('" . $inject . "','" . $inject_2 . "')" "insert into t values ('1', '" . $inj . "')" "insert into t values ('1','".$inj."')" "insert into t values ('1','".$inj."','2','".$inj2."')" abcsc "INSERT INTO tab VALUES ('1')" "inSerT intO tab (col) VALUES ('1')" asasa "insert into tab (col_1, col2) values ('1','2')" asasas "insert into ta_ble values ('ab', 'ba s2')" asasas "insert into table values ('" . $inject . "')" "insert into table values ('" . $inject . "','" . $inject_2 . "')" "insert into t values ('1', '" . $inj . "')" "insert into t values ('1','".$inj."')" "insert into t values ('1','".$inj."','2','".$inj2."')" "INSERT INTO blog (date, entry, owner) VALUES (now(),'" . $entry . "','" . $owner . "')" "INSERT INTO visitors (date, user_agent, ip_address) VALUES (now(), '" . sqli($user_agent) . "', '" . $ip_address . "')"; ./http_verb_tampering.php: $sql = "SELECT password FROM users WHERE login = '" . $login . "'"; ./http_verb_tampering.php: $sql = "SELECT password FROM users WHERE login = '" . $login . "'"; ./user_extra.php: $sql = "SELECT * FROM users WHERE login = '" . $login . "' OR email = '" . $email . "'"; ./sqli_4.php: $sql = "SELECT * FROM movies WHERE title = '" . sqli($title) . "'"; ./sqli_1.php: $sql = "SELECT * FROM movies WHERE title LIKE '%" . sqli($title) . "%'"; ./hpp-2.php: $sql = "SELECT * FROM movies"; ./ws_soap.php: $sql = "SELECT tickets_stock FROM movies WHERE title = '" . $title . "'"; ./xss_stored_1.php: $sql = "SELECT * FROM blog WHERE owner = '" . $_SESSION["login"] . "'"; ./xss_stored_1.php: $sql = "SELECT * FROM blog"; ./sqli_14.php: $sql = "SELECT * FROM movies WHERE title = '" . sqli($title) . "' COLLATE NOCASE"; ./hpp-3.php: $sql = "SELECT * FROM movies WHERE id = '" . sqli_check_2($movie) . "'"; ./htmli_stored.php: $sql = "SELECT * FROM blog WHERE owner = '" . $_SESSION["login"] . "'"; ./htmli_stored.php: $sql = "SELECT * FROM blog"; ./ba_forgotten.php: $sql = "SELECT * FROM users WHERE email = '" . $email . "'"; Binary file ./apps/movie_search matches ./sqli_9.php: $sql = "SELECT * FROM movies WHERE title LIKE '%" . sqli($title) . "%'"; ./sqli_2.php:$sql = "SELECT * FROM movies"; ./sqli_2.php: $sql = "SELECT * FROM movies"; ./sqli_13-ps.php: $sql = "SELECT title, release_year, genre, main_character, imdb FROM movies WHERE id =?"; ./user_new.php: $sql = "SELECT * FROM users WHERE login = '" . $login . "' OR email = '" . $email . "'"; ./sqli_2-ps.php: $sql = "SELECT title, release_year, genre, main_character, imdb FROM movies WHERE id =?"; ./secret_html.php:$sql = "SELECT * FROM users WHERE login = '" . $login . "'"; ./sqli_7.php:$sql = "SELECT * FROM blog"; ./sqli_12.php: $sql = "SELECT max(id) as id FROM blog;"; ./sqli_12.php:$sql = "SELECT * FROM blog"; ./csrf_1.php: $sql = "SELECT password FROM users WHERE login = '" . $login . "' AND password = '" . $password_curr . "'"; ./xss_href-3.php: $sql = "SELECT * FROM movies WHERE id = '" . sqli_check_2($movie) . "'"; ./hostheader_2.php: $sql = "SELECT * FROM users WHERE email = '" . $email . "'"; ./insecure_crypt_storage_3.php:$sql = "SELECT * FROM users WHERE login = '" . $login . "'"; ./sqli_16.php: $sql = "SELECT * FROM users WHERE login = '" . $login . "'"; ./sm_mitm_2.php: $sql = "SELECT * FROM users WHERE login = '" . $login . "'"; ./user_activation.php: $sql = "SELECT * FROM users WHERE login = '" . $login . "' AND BINARY activation_code = '" . $activation_code . "'"; ./insecure_crypt_storage_1.php:$sql = "SELECT * FROM users WHERE login = '" . $login . "'"; ./xss_href-2.php: $sql = "SELECT * FROM movies"; ./sqli_5.php: $sql = "SELECT * FROM movies"; ./cs_validation.php: $sql = "SELECT password FROM users WHERE login = '" . $login . "' AND password = '" . $password_curr . "'"; ./sqli_15.php: $sql = "SELECT * FROM movies WHERE title = '" . sqli($title) . "'"; ./sqli_15.php: $sql = "SELECT email FROM users WHERE login = '" . $login . "'"; ./login.php: $sql = "SELECT * FROM users WHERE login = '" . $login; ./sqli_13.php:$sql = "SELECT * FROM movies"; ./sqli_13.php: $sql = "SELECT * FROM movies"; ./xss_login.php: $sql = "SELECT * FROM heroes WHERE login = '" . $login . "' AND password = '" . $password . "'"; ./secret.php:$sql = "SELECT * FROM users WHERE login = '" . $login . "'"; ./secret_change.php: $sql = "SELECT * FROM users WHERE email = '" . $email . "' AND BINARY reset_code = '" . $reset_code . "'"; ./sqli_17.php:$sql = "SELECT * FROM visitors ORDER by id DESC LIMIT 3"; ./sqli_11.php: $sql = "SELECT * FROM movies WHERE title LIKE '%" . sqli($title) . "%'"; ./sqli_6.php: $sql = "SELECT * FROM movies WHERE title LIKE '%" . sqli($title) . "%'"; ./password_change.php: $sql = "SELECT password FROM users WHERE login = '" . $login . "' AND password = '" . $password_curr . "'"; ./xss_stored_4.php:$sql = "SELECT * FROM visitors ORDER by id DESC LIMIT 3"; ./sqli_10-2.php: $sql = "SELECT * FROM movies WHERE title LIKE '%" . sqli($title) . "%'"; ./sqli_3.php: $sql = "SELECT * FROM heroes WHERE login = '" . $login . "' AND password = '" . $password . "'";