Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- if(isset($_GET['input']))
- {
- $vuln = $_GET['input'];
- checkVuln($vuln, makeVulnArray("and 1=0"));
- checkRow($vuln, makeVulnArray("order by"));
- elseif(strstr($vuln, "union select 1,2--"))
- {
- echo "id, key";
- }
- elseif(strstr($vuln, "1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--"))
- {
- echo "vuln,\n";
- echo " 5.1";
- }
- elseif(strstr($vuln, "union select 1,id from vuln--"))
- {
- echo "1";
- }
- elseif(strstr($vuln, "union select 1,key from vuln--"))
- {
- echo "81xj2x09";
- }
- elseif(strstr($vuln, "UNION SELECT 1,2--"))
- {
- echo "id, key";
- }
- elseif(strstr($vuln, "UNION SELECT 1,id FROM vuln--"))
- {
- echo "1";
- }
- elseif(strstr($vuln, "UNION SELECT 1,key FROM vuln--"))
- {
- echo "81xj2x09";
- }
- else
- {
- echo strip_tags(trim($vuln)); //XSS protection
- }
- }
- function makeVulnArray($query) {
- $start = array(" ","' ");
- $end = array("--","/*");
- $vulnArray = array();
- $i = 0;
- foreach ($start as $s) {
- foreach ($end as $e) {
- $vulnArray[i] = $s . $query . $e;
- $i++;
- }
- }
- }
- function checkVuln($input, $vulnArray) {
- $vulnFound = false;
- array_push($vulnArray, "'");
- foreach($vulnArray as $v) {
- if(stristr($input, $v)) {
- echo "You have an error in your MYSQL syntax near line 1";
- $vulnFound = true;
- break;
- }
- }
- if($vulnFound == false) {
- echo strip_tags(trim($input)); //XSS protection
- }
- }
- function checkRow($input, $vulnArray) {
- $toHigh = false;
- foreach($vulnArray as $v) {
- if(stristr($input, substr($v,0,-2))) {
- preg_match('/\d+/', $input, $number);
- $rows = (int)$number[0];
- if($rows > 2) {
- echo "Unknown column '".$rows."' in order clause";
- $toHigh = true;
- break;
- }
- }
- }
- if($toHigh == false) {
- echo strip_tags(trim($input)); //XSS protection
- }
- }
- ?>
- <html>
- <head>
- <title>Poison - I'm sick</title>
- </head>
- <body>
- <form name="input" method="get">
- Text: <input type="text" name="input" />
- <input type="submit" value="Submit" />
- </form>
- <center><a href="/tests/index.html">Back</a></center>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement