- md5: documentation ( source)
<?php
//$argv = array(null, "' OR 1=1--", 'root');
$argv = array(null, "root", 'root');
echo "<!doctype html>\n";
$username = @$_GET['username'] ? $_GET['username'] : $argv[1];
$password = @$_GET['password'] ? $_GET['password'] : $argv[2];
$password = md5($password);
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("DROP TABLE IF EXISTS users");
$pdo->exec("CREATE TABLE users (username VARCHAR(255), password VARCHAR(255))");
$rootPassword = md5("secret");
$pdo->exec("INSERT INTO users (username, password) VALUES ('root', '$rootPassword');");
echo $q = "SELECT * FROM users WHERE username = ? AND password = ?";
$statement = $pdo->prepare($q);
$statement->execute(array($username, $password));
if (count($statement->fetchAll())) {
echo "<br>\nAccess granted to $username!<br>\n";
} else {
echo "<br>\nAccess denied for $username!<br>\n";
}