
Untitled

a guest
Oct 11th, 2016
  1. <?php
  2.  
  3. include "config.php";
  4.  
  5. class HITCON{
  6. private $method;
  7. private $args;
  8. private $conn;
  9.  
  10. public function __construct($method, $args) {
  11. $this->method = $method;
  12. $this->args = $args;
  13.  
  14. $this->__conn();
  15. }
  16.  
  17. function show() {
  18. list($username) = func_get_args();
  19. $sql = sprintf("SELECT * FROM users WHERE username='%s'", $username);
  20.  
  21. $obj = $this->__query($sql);
  22. if ( $obj != false ) {
  23. $this->__die( sprintf("%s is %s", $obj->username, $obj->role) );
  24. } else {
  25. $this->__die("Nobody Nobody But You!");
  26. }
  27.  
  28. }
  29.  
  30. function login() {
  31. global $FLAG;
  32.  
  33. list($username, $password) = func_get_args();
  34. $username = strtolower(trim(mysql_escape_string($username)));
  35. $password = strtolower(trim(mysql_escape_string($password)));
  36.  
  37. $sql = sprintf("SELECT * FROM users WHERE username='%s' AND password='%s'", $username, $password);
  38.  
  39. if ( $username == 'orange' || stripos($sql, 'orange') != false ) {
  40. $this->__die("Orange is so shy. He do not want to see you.");
  41. }
  42.  
  43. $obj = $this->__query($sql);
  44. if ( $obj != false && $obj->role == 'admin' ) {
  45. $this->__die("Hi, Orange! Here is your flag: " . $FLAG);
  46. } else {
  47. $this->__die("Admin only!");
  48. }
  49. }
  50.  
  51. function source() {
  52. highlight_file(__FILE__);
  53. }
  54.  
  55. function __conn() {
  56. global $db_host, $db_name, $db_user, $db_pass, $DEBUG;
  57.  
  58. if (!$this->conn)
  59. $this->conn = mysql_connect($db_host, $db_user, $db_pass);
  60. mysql_select_db($db_name, $this->conn);
  61.  
  62. if ($DEBUG) {
  63. $sql = "CREATE TABLE IF NOT EXISTS users (
  64. username VARCHAR(64),
  65. password VARCHAR(64),
  66. role VARCHAR(64)
  67. ) CHARACTER SET utf8";
  68. $this->__query($sql, $back=false);
  69.  
  70. $sql = "INSERT INTO users VALUES ('orange', '$db_pass', 'admin'), ('phddaa', 'ddaa', 'user')";
  71. $this->__query($sql, $back=false);
  72. }
  73.  
  74. mysql_query("SET names utf8");
  75. mysql_query("SET sql_mode = 'strict_all_tables'");
  76. }
  77.  
  78. function __query($sql, $back=true) {
  79. $result = @mysql_query($sql);
  80. if ($back) {
  81. return @mysql_fetch_object($result);
  82. }
  83. }
  84.  
  85. function __die($msg) {
  86. $this->__close();
  87.  
  88. header("Content-Type: application/json");
  89. die( json_encode( array("msg"=> $msg) ) );
  90. }
  91.  
  92. function __close() {
  93. mysql_close($this->conn);
  94. }
  95.  
  96. function __destruct() {
  97. $this->__conn();
  98.  
  99. if (in_array($this->method, array("show", "login", "source"))) {
  100. @call_user_func_array(array($this, $this->method), $this->args);
  101. } else {
  102. $this->__die("What do you do?");
  103. }
  104.  
  105. $this->__close();
  106. }
  107.  
  108. function __wakeup() {
  109. foreach($this->args as $k => $v) {
  110. $this->args[$k] = strtolower(trim(mysql_escape_string($v)));
  111. }
  112. }
  113. }
  114.  
// Entry point: with a "data" query parameter the request is deserialized,
// otherwise a HITCON object for the "source" action is created. In both
// cases the work happens when the resulting object is destroyed.
//
// NOTE(review): unserialize() on request data lets the client choose the
// class and every property value of the object that gets created, and that
// object's __wakeup()/__destruct() then run on those values. Prefer a
// data-only format (e.g. json_decode()) and construct HITCON explicitly from
// a validated method name and argument list. The @ also hides decode errors
// that would be worth logging.
if(isset($_GET["data"])) {
    @unserialize($_GET["data"]);
} else {
    new HITCON("source", array());
}