SHARE
TWEET

dotcppfile - Tutorial

a guest Oct 4th, 2014 349 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. $id = $_GET["id"]; //Vulnerable Parameter
  4.  
  5. $con=mysqli_connect("localhost","root","","tutorial");
  6.  
  7. $result = mysqli_query($con, "SELECT `filename`, `location` FROM `downloads` where `id`=$id");
  8.  
  9. while($row = mysqli_fetch_row($result))
  10. {
  11.         $filename = $row[0];
  12.         $location = $row[1];
  13. }
  14.  
  15. mysqli_close($con);
  16.  
  17. header('Content-Disposition: attachment; filename='.$filename);
  18. readfile($location);
  19.  
  20. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top