| Username | Password (Plain) |
|---|---|
| testing | #13232 |
| nfeinfia@@ | fnonfown@@#2 |
| nfeinfia@@ | fnonfown@@#2 |
| clifton88@rezult.org | Kiera1957 |
| pamela.koepp | Kiera1966! |
| pamela.koepp | Rosema1954 |
| clifton88@rezult.org | Kiera1957 |
| clifton88@rezult.org | Rosema1954 |
| pablo.ferraro@rezult.org | AdaRhi1953 |
| fulvio70 | AdaRh1924! |
| fulvio70 | Marco1989 |
| pablo.ferraro@rezult.org | AdaRh1924! |
| pablo.ferraro@rezult.org | Marco1989 |
| amie_hane26@rezult.org | Nona1940 |
| will34 | Nona1926! |
| will34 | Nona1926! |
| amie_hane26@rezult.org | Nona1940 |
| amie_hane26@rezult.org | Nona1940 |
This page demonstrates a critical cryptographic failure: storing user passwords in plain text.
Why this is bad: If an attacker accesses the database, they immediately see every user’s password — no cracking required.
Below is the PHP code responsible for this vulnerability:
<?php
$username = $_POST['username'];
$password = $_POST['password']; // Plaintext!
$query = "INSERT INTO crypto_users (username, password, is_hashed)
VALUES ('$username', '$password', 0)";
mysqli_query($conn, $query);
?>
✔ No hashing
✔ No encryption
❌ Just raw credentials saved as-is
Try it: Create a few users with different passwords and see how they’re stored.
This is a real-world mistake still found in many systems — especially legacy or rushed applications.