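<?php
/* ABaDy SQLi Challenge; Level:M */

// Deliberately vulnerable training target: the query below is assembled by
// string interpolation on purpose. Run it only in an isolated lab, never next
// to real data.

// Bounce requests without a usable scalar `id` BEFORE any database work. The
// original ran the query first and only then redirected, which executed a
// malformed statement and read an undefined index on every first visit.
if (!isset($_GET['id']) || !is_string($_GET['id']) || empty($_GET['id'])) {
    header('LOCATION: ./index.php?id=1');
    exit();
}

// Hard-coded credentials are tolerable only for a throw-away lab database.
// NOTE(review): the account should hold nothing beyond SELECT on `flags`.
$sql = new mysqli("localhost", "conanCTF", "HelloWorld", "conanCTF");
if ($sql->connect_errno) {
    // Fail closed without echoing driver details to the client.
    http_response_code(500);
    exit('database unavailable');
}

// Denylist filter: matches quoted strings (kept via $1), SQL comments
// ("#", "--" to end of line, and nested block comments) together with any
// trailing whitespace, and whitespace that follows a semicolon.
$f = '@(([\'"]).*?[^\\\]\2)|((?:\#|--).*?$|/\*(?:[^/*]|/(?!\*)|\*(?!/)|(?R))*\*\/)\s*|(?<=;)\s+@ms';

// real_escape_string() only neutralises characters that matter INSIDE a quoted
// SQL string literal. The value is used below in an unquoted numeric context,
// so escaping does not constrain it to a number.
$id = $sql->real_escape_string($_GET['id']);
$id = trim(preg_replace($f, '$1', $id));

// INTENTIONALLY UNSAFE (this is the challenge): user input is interpolated
// into the statement. Production code would bind the value instead, e.g.
//   $stmt = $sql->prepare('SELECT flag FROM `flags` WHERE id = ? AND u_id = 1');
//   $stmt->bind_param('i', $id);
// or reject anything that fails filter_var($id, FILTER_VALIDATE_INT).
// Escaping plus a comment-stripping regex is not a substitute for that.
$q = $sql->query("SELECT * FROM `flags` WHERE (id is not null) and (id={$id} and u_id=1)");

// query() may return false on a failed statement; treat that as "not found"
// instead of dereferencing a boolean.
$flag = ($q instanceof mysqli_result && $q->num_rows) ? $q->fetch_assoc()['flag'] : 'not found';
?>
<!DOCTYPE html>
<html>
<body style="background-color:#FFFFFF;">
<center><img src="Conan.png" alt=";)" height="23%" width="23%"><br><b><font size='7'>sh0w me wh4t y0u c4n d0, </font><font size='7' color='red'>gen!us</font><font size='7'> !</font></b>
<br><br><br>
<?php /* `<?=` works regardless of short_open_tag (the original `<? echo` did not);
         the value is HTML-escaped because the row content is not trusted. */ ?>
<b><font size='6' color='red'><?= htmlspecialchars((string) $flag, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></font></b>
</center>
</body>
</html>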