ABaDy1996

[hint] : SQLi3 Challenge By ABaDy

Aug 21st, 2018
  1. <?php
  2. /* ABaDy SQLi Challenge; Level:M */
  3. $sql = new mysqli("localhost", "conanCTF", "HelloWorld", "conanCTF");
  4. $f = '@(([\'"]).*?[^\\\]\2)|((?:\#|--).*?$|/\*(?:[^/*]|/(?!\*)|\*(?!/)|(?R))*\*\/)\s*|(?<=;)\s+@ms';
  5. $id = $sql->real_escape_string($_GET['id']);
  6. $id = trim(preg_replace($f, '$1', $id));
  7. $q = $sql->query("SELECT * FROM `flags` WHERE (id is not null) and (id={$id} and u_id=1)");
  8. $flag = ($q->num_rows)?$q->fetch_assoc()['flag']:'not found';
  9. if(!isset($_GET['id']) or empty($_GET['id'])):
  10.     header('LOCATION: ./index.php?id=1');
  11.     exit();
  12. endif;
  13. ?>
  14. <!DOCTYPE html>
  15. <html>
  16. <body style="background-color:#FFFFFF;">
  17. <center><img src="Conan.png" alt=";)" height="23%" width="23%"><br><b><font size='7'>sh0w me wh4t y0u c4n d0, </font><font size='7' color='red'>gen!us</font><font size='7'> !</font></b>
  18. <br><br><br>
  19. <b><font size='6' color='red'><? echo $flag; ?></font></b>
  20. </center>
  21. </body>
  22. </html>