SHARE
TWEET

Untitled

mage_1868 Oct 24th, 2014 (edited) 17 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. include 'config.php';
  3.  
  4. echo "<html><head><style type='text/css'><!-- body {background-image: url(bg.jpg);background-repeat: no-repeat;height: Percent;width: Percent; background-size: cover;}//--></style> <title>Royal Bank of Fluxembourg</title></head></html>";
  5.  
  6. <!-- blind? we will kill you :) -->
  7. if(isset($_GET['name']) && $_GET['name']!='' && !preg_match('/sleep|benchmark|and|or|\||&/i',$_GET['name'])) {
  8.         $res = mysql_query("SELECT name,email FROM user where name='".$_GET['name']."'");
  9.  
  10.         if(mysql_fetch_object($res)) {         
  11.                 // Generation of new password
  12.                 //<topsecure content>
  13.                 // this was filtered during the creation of the phps file
  14.                 //</topsecure content>
  15.                 die("A new password was generated and sent to your email address!");
  16.         } else {
  17.  
  18.  
  19.         $res = mysql_query("SELECT name,email FROM user where name sounds like '".$_GET['name']."'");
  20.  
  21.                 if(mysql_fetch_object($res)) {
  22.                         echo "We couldn't find your username, but it sounds like this user:<br>";
  23.                 } else {
  24.                         die("We couldn't find your username!<br>Are you sure it is ".htmlspecialchars($_GET['name'],ENT_QUOTES, 'utf-8')."?");
  25.                 }
  26.         $res = mysql_query("SELECT name,email FROM user where name sounds like '".$_GET['name']."'");
  27.  
  28.                 while($row = mysql_fetch_object($res)) {
  29.                    echo $row->name;
  30.                    echo "<br>";
  31.                 }
  32.         }
  33. } else {
  34.  
  35. echo "<div style='width:800px; margin:0 auto;'><hr><h1><center>Royal Bank of Fluxembourg<center></h1><hr><br><br>Dear users,<br>We were hacked by Killy the Bit! Please use this site to generate your new password. Login will be available on the 23.10.2014 10:01 CEST<br><br><br></div>";
  36.          echo '<div style="width:400px;margin:0 auto;"<pre><img src=wanted.png></img></pre><br><br>';
  37.         echo '<form action="#" method="get">Please enter your username: <br><input type="text" name="name"><br><input type="submit" name="submit" value="Generate"></form></div>';
  38. }
  39.  
  40. ?>
RAW Paste Data
Top