koaidien

index.php

Sep 12th, 2017
  1. <html>
  2. <body background="background.jpg">
  3. <br>
  4. <style>
  5. div.transbox {
  6.   margin: 30px;
  7.   background-color: #ffffff;
  8.   border: 1px solid black;
  9.   opacity: 0.2;
  10.   filter: alpha(opacity=60); /* For IE8 and earlier */
  11. }
  12.  
  13. div.transbox p {
  14.   margin: 5%;
  15.   font-weight: bold;
  16.   color: #000000;
  17. }
  18. </style>
  19. <style>
  20. h1,h2{
  21.   text-align:center;
  22. }
  23. h1{
  24.   color:rgba(100, 50, 255, .8);
  25. }
  26. .rainbow {
  27.    /* Chrome, Safari, Opera */
  28.   -webkit-animation: rainbow 1s infinite;
  29.  
  30.   /* Internet Explorer */
  31.   -ms-animation: rainbow 1s infinite;
  32.  
  33.   /* Standar Syntax */
  34.   animation: rainbow 1s infinite;
  35. }
  36.  
  37. /* Chrome, Safari, Opera */
  38. @-webkit-keyframes rainbow{
  39.     20%{color: red;}
  40.     40%{color: yellow;}
  41.     60%{color: green;}
  42.     80%{color: blue;}
  43.     100%{color: orange;}    
  44. }
  45. /* Internet Explorer */
  46. @-ms-keyframes rainbow{
  47.     20%{color: red;}
  48.     40%{color: yellow;}
  49.     60%{color: green;}
  50.     80%{color: blue;}
  51.     100%{color: orange;}    
  52. }
  53.  
  54. /* Standar Syntax */
  55. @keyframes rainbow{
  56.     20%{color: red;}
  57.     40%{color: yellow;}
  58.     60%{color: green;}
  59.     80%{color: blue;}
  60.     100%{color: orange;}    
  61. }
  62. </style>
  63. <center><h1 class="rainbow">💉 SQLi Ninja Class 🗡</h1></center>
  64. <center><font color='white'>Today sensei will teach you how to use comment in SQL Query. The comment is used to break a Sql query, so all the things after the comment become meaningless, there are 3 comment symbols: "#", "-- " and "/* */". Moreover, Ill show you a special technique!!! ";%00"</font></center><br><br>
  65. <?php
  /**
   * Denylist gate used by the challenge: stop the request if $query looks "interesting".
   *
   * Two case-insensitive patterns are tried in order:
   *   1. a list of SQL keywords, operators and punctuation;
   *   2. any run of ASCII letters/digits immediately followed by "(" (i.e. a function call).
   * On the first hit the script ends via die() with the challenge banner; otherwise the
   * input is handed back untouched.
   *
   * Reviewer notes (defensive):
   *  - This is a challenge mechanic, not a security control. A keyword denylist cannot
   *    enumerate every construct a SQL dialect accepts, so production code must keep
   *    untrusted input out of the SQL text entirely (prepared statements with bound
   *    parameters) rather than trying to filter it.
   *  - preg_match() returns false on a PCRE error and the check below treats that like
   *    "no match"; a filter meant as a real control should fail closed instead.
   *
   * @param mixed $query Candidate text (the callers on this page pass addslashes() output).
   * @return mixed The same value, unchanged, when neither pattern matches.
   */
  function no_malicious($query)
  {
      $denied = array(
          // Keyword / operator / punctuation denylist.
          "/(or|>|<|mid|sub|pad|sleep|mark|if|case|when|reg|like|sound|into|produce|is|count|=|\+|-|,|\/|\\\|\|exp|extract|xml|floor|rand|\||!|file|~)/i",
          // Anything shaped like name( ... i.e. a function invocation.
          "/[0-9a-zA-Z]+\(/i",
      );

      foreach ($denied as $pattern) {
          if (preg_match($pattern, $query)) {
              die('<h2 class="rainbow">Ninja Need NoThinG!</h2>');
          }
      }

      return $query;
  }
  76. ?>
  77. <?php
  //author: tsug0d
  //challenge name: SQLi Ninja Class
  //goal: get flag in database!
  //
  // Reviewer notes (defensive reading of this deliberately weak training script):
  //  - Four GET parameters are run through addslashes() and the no_malicious() denylist,
  //    then concatenated into SQL text after a comment marker. The only things keeping
  //    the request data inert are the comment syntax and the denylist; neither is a
  //    trust boundary. addslashes() is a generic string escaper, not a charset-aware SQL
  //    quoting routine, and it does nothing for text that is never inside a quoted literal.
  //  - Real code has no reason to place request data in the statement text at all; where a
  //    value is needed, bind it as a parameter of a prepared statement.
  //  - The composed query is echoed into the page without htmlspecialchars().
  //  - mysqli_query() can return false; the result is passed to mysqli_fetch_array()
  //    unchecked, and error_reporting(0) hides the resulting diagnostics.
  require_once 'dbconnect.php'; // presumably defines $conn (not visible here)
  error_reporting(0);

  //Ninja needs n0th1ng~~~
  // Escape every parameter first, then filter them in the same order; no_malicious()
  // ends the request on the first one it rejects.
  $payloads = array();
  foreach (array('query1', 'query2', 'query3', 'query4') as $param) {
      $payloads[$param] = addslashes($_GET[$param]);
  }
  foreach ($payloads as $param => $escaped) {
      $payloads[$param] = no_malicious($escaped);
  }

  // One entry per lesson: the heading markup and the statement sent to the database.
  $lessons = array(
      // the # course!
      array(
          'heading' => "<center><font size=5 color='yellow'>Practice with #</font></center>",
          'sql'     => "SELECT 1 from dual#".$payloads['query1'],
      ),
      // the --  course!
      array(
          'heading' => "<center><font size=5 color='yellow'>Practice with -- </font></center>",
          'sql'     => "SELECT 2 from dual-- ".$payloads['query2'],
      ),
      // the /* */ course!
      array(
          'heading' => "<center><font size=5 color='yellow'>Practice with /* */</font></center>",
          'sql'     => "SELECT 3 from dual/*".$payloads['query3']."*/",
      ),
      // the special ;%00 course!
      array(
          'heading' => "<center><font size=5 color='yellow'>Special Technique ;%00</font></center>",
          'sql'     => "SELECT 4 from dual;\x00"."%00".$payloads['query4'],
      ),
  );

  foreach ($lessons as $lesson) {
      $sql = $lesson['sql'];

      // Show the heading and the exact statement text, then run it.
      echo $lesson['heading'];
      echo "<div class=\"transbox\">";
      echo "<center><strong>{$sql}</strong></center>";
      echo "</div>";

      $result = mysqli_query($conn, $sql);
      $row = mysqli_fetch_array($result);
      if ($row) {
          echo '<font color="red">Success</font><br>';
      }
  }
  148.  
  149. ?>
  150.  
  151. <!-- Debug ?is_debug=1 -->
  152. <?php
  153.  
  // Source viewer: when the request carries is_debug with the exact string '1', the
  // highlighted source of this file is written into the response.
  // Reviewer note: this looks intentional for the challenge (the HTML comment just above
  // advertises it), but a request-controlled source-disclosure switch must never ship in
  // a real application -- it exposes filters, query shapes and file names to any visitor.
  $debugFlag = isset($_GET['is_debug']) ? $_GET['is_debug'] : null;
  if ($debugFlag === '1') {
      show_source(__FILE__);
  }
  158.  
  159. ?>
  160.  
  161.  
  162. </body>
  163. </html>