Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /* ABaDy SQLi Challenge Level:VeryEasy */
- $sql = new mysqli("localhost", "SQLi", 'HelloWorld', "SQLi");
- if(mysqli_connect_errno()) exit("E:".mysqli_connect_error());
- if($_GET['id'] and !empty($_GET[id])){
- $ID = ($_GET['id']);
- $ID = Super_Replace("select","",$ID);
- $ID = Super_Replace("and","",$ID);
- $ID = Super_Replace("or","",$ID);
- $ID = Super_Replace("schema","",$ID);
- $ID = Super_Replace('admins',"",$ID);
- $d = $sql->query("SELECT * FROM `news` WHERE id={$ID}");
- if($d->num_rows){
- $new = $d->fetch_array(MYSQLI_ASSOC);
- echo "
- <html>
- <head>
- <title>{$new[sub]}</title>
- </head>
- <body background='https://img.fireden.net/v/image/1510/97/1510977402305.jpg'>
- <b><h2><font color='yellow'>{$new[sub]}</font></h2></b>
- <h3><font color='yellow'>{$new[text]}</font></h3>
- </body>
- </html>";
- }else{
- echo "
- <html>
- <head>
- <title>Error</title>
- </head>
- <body style='background-size: 100%;' background='https://img.fireden.net/v/image/1510/97/1510977402305.jpg'>
- <b><h2><font color='yellow'>Error SQL Query : {$ID}</font></h2></b>
- </body>
- </html>";
- }
- }else{
- echo "
- <html>
- <head>
- <title>Index</title>
- </head>
- <body style='background-size: 100%;' background='https://img.fireden.net/v/image/1510/97/1510977402305.jpg'>
- <b><h2><font color='yellow'>you can check id 1,2,3,4</font></h2></b>
- </body>
- </html>";
- }
- function Super_Replace($a,$b,$c){
- $a = strtolower($a);
- $d = str_replace($a,$b,$c);
- if(strpos($d,$a)===false){
- return $d;
- }else{
- return Super_Replace($a,$b,$d);
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement