Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- include 'config.php';
- echo "<html><head><style type='text/css'><!-- body {background-image: url(bg.jpg);background-repeat: no-repeat;height: Percent;width: Percent; background-size: cover;}//--></style> <title>Royal Bank of Fluxembourg</title></head></html>";
- <!-- blind? we will kill you :) -->
- if(isset($_GET['name']) && $_GET['name']!='' && !preg_match('/sleep|benchmark|and|or|\||&/i',$_GET['name'])) {
- $res = mysql_query("SELECT name,email FROM user where name='".$_GET['name']."'");
- if(mysql_fetch_object($res)) {
- // Generation of new password
- //<topsecure content>
- // this was filtered during the creation of the phps file
- //</topsecure content>
- die("A new password was generated and sent to your email address!");
- } else {
- $res = mysql_query("SELECT name,email FROM user where name sounds like '".$_GET['name']."'");
- if(mysql_fetch_object($res)) {
- echo "We couldn't find your username, but it sounds like this user:<br>";
- } else {
- die("We couldn't find your username!<br>Are you sure it is ".htmlspecialchars($_GET['name'],ENT_QUOTES, 'utf-8')."?");
- }
- $res = mysql_query("SELECT name,email FROM user where name sounds like '".$_GET['name']."'");
- while($row = mysql_fetch_object($res)) {
- echo $row->name;
- echo "<br>";
- }
- }
- } else {
- echo "<div style='width:800px; margin:0 auto;'><hr><h1><center>Royal Bank of Fluxembourg<center></h1><hr><br><br>Dear users,<br>We were hacked by Killy the Bit! Please use this site to generate your new password. Login will be available on the 23.10.2014 10:01 CEST<br><br><br></div>";
- echo '<div style="width:400px;margin:0 auto;"<pre><img src=wanted.png></img></pre><br><br>';
- echo '<form action="#" method="get">Please enter your username: <br><input type="text" name="name"><br><input type="submit" name="submit" value="Generate"></form></div>';
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement