SHARE
TWEET

brokensql1

a guest Jul 27th, 2017 6 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Br0kenMySQL
  2.  
  3.  
  4.  
  5. <title>Br0kenMySQL</title><h1><pre>
  6. <p style='color:Red'>Br0kenMySQL</p>
  7. <?php
  8.  
  9. if($_GET['debug']=='🕵') die(highlight_file(__FILE__));
  10.  
  11. require 'config.php';
  12.  
  13. $link = mysqli_connect('localhost', MYSQL_USER, MYSQL_PASSWORD);
  14.  
  15. if (!$link) {
  16.     die('Could not connect: ' . mysql_error());
  17. }
  18.  
  19. if (!mysqli_select_db($link,MYSQL_USER)) {
  20.     die('Could not select database: ' . mysql_error());
  21. }
  22.     $id = $_GET['id'];
  23.     if(preg_match('#sleep|benchmark|floor|rand|count#is',$id))
  24.         die('Don\'t hurt me :-(');
  25.     $query = mysqli_query($link,"SELECT username FROM users WHERE id = ". $id);
  26.     $row = mysqli_fetch_array($query);
  27.     $username = $row['username'];
  28.  
  29.     if($username === 'guest'){
  30.  
  31.         $ip = @$_SERVER['HTTP_X_FORWARDED_FOR']!="" ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
  32.         if(preg_match('#sleep|benchmark|floor|rand|count#is',$ip))
  33.             die('Don\'t hurt me :-(');
  34.         var_dump($ip);
  35.         if(!empty($ip))
  36.             mysqli_query($link,"INSERT INTO logs VALUES('{$ip}')");
  37.  
  38.         $query = mysqli_query($link,"SELECT username FROM users WHERE id = ". $id);
  39.         $row = mysqli_fetch_array($query);
  40.         $username = $row['username'];
  41.         if($username === 'admin'){
  42.             echo "What ???????\nLogin as guest&admin at the same time ?\nSeems our code is broken, here is your bounty\n";
  43.             die(FLAG);
  44.         }
  45.         echo "Nothing here";
  46.     } else {
  47.         echo "Hello ".$username;
  48.     }
  49.  
  50.  
  51.  
  52.  
  53. ?>
  54. </h1>
  55. </pre>
  56.  
  57. 1
RAW Paste Data
Top